Congestion avoidance and control
SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
On estimating end-to-end network path properties
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Promoting the use of end-to-end congestion control in the Internet
IEEE/ACM Transactions on Networking (TON)
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
TCP congestion control with a misbehaving receiver
ACM SIGCOMM Computer Communication Review
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Deconstructing the Kazaa Network
WIAPP '03 Proceedings of the The Third IEEE Workshop on Internet Applications
Measuring and analyzing the characteristics of Napster and Gnutella hosts
Multimedia Systems
Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Enforcing layered multicast congestion control using ECN-nonce
Computer Networks: The International Journal of Computer and Telecommunications Networking
CRAFT: a new secure congestion control architecture
Proceedings of the 17th ACM conference on Computer and communications security
WDA: A Web farm Distributed Denial Of Service attack attenuator
Computer Networks: The International Journal of Computer and Telecommunications Networking
DefenestraTor: throwing out windows in Tor
PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
Efficient defence against misbehaving TCP receiver DoS attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Forensic investigation of the OneSwarm anonymous filesharing system
Proceedings of the 18th ACM conference on Computer and communications security
LOT: A Defense Against IP Spoofing and Flooding Attacks
ACM Transactions on Information and System Security (TISSEC)
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
An optimistic acknowledgment (opt-ack) is an acknowledgment sent by a misbehaving client for a data segment that it has not received. Whereas previous work has focused on opt-ack as a means to greedily improve end-to-end performance, we study opt-ack exclusively as a denial of service attack. Specifically, an attacker sends optimistic acknowledgments to many victims in parallel, thereby amplifying its effective bandwidth by a factor of 30 million (worst case). Thus, even a relatively modest attacker can totally saturate the paths from many victims back to the attacker. Worse, a distributed network of compromised machines ("zombies") attacking in parallel can exploit over-provisioning in the Internet to bring about wide-spread, sustained congestion collapse.We implement this attack both in simulation and in a wide-area network, and show it severity both in terms of number of packets and total traffic generated. We engineer and implement a novel solution that does not require client or network modifications allowing for practical deployment. Additionally, we demonstrate the solution's efficiency on a real network.