Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Net hog TCP/IP hack

By pacc in News
Tue May 09, 2000 at 10:48:41 AM EST
Tags: Internet (all tags)

In the mood of newsdraught, why not The death of internet as we know it. Simply calculating the time for a server to send you a packet could let you acknowledge them before they reach you, giving you all available bandwith between you and the server for yourself...

The hack described in ArsTechnica could give us all problems if it delivers what it promise to all potential netabusers out there.

The hack is described in a "job talk" by Stefan Savage called "Network Services in an Uncooperative Internet."

Cited from the article in ArsTechnica by John Janotti:

"This article will cover the three main aspects of Stefan's talk. The first is a network measurement tool called Sting. Sting exploits some properties of TCP that allow you to investigate one-way packet loss between yourself and a server in either direction, all without having to install any special software on the server. The second part of the talk (and thus this article) covers three TCP/IP hacks that allow a client to hog a network by convincing the server to send it data arbitrarily fast, with no regard for the bandwidth needs of the other users on the network. The final part contains an ingenious proposal for defeating the recent distributed denial of service attacks that have plagued the Internet. This proposal is backwards compatible with existing protocols and can be incrementally deployed."


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o ArsTechnic a
o article
o Also by pacc

Display: Sort:
Net hog TCP/IP hack | 18 comments (18 topical, editorial, 0 hidden)
MLP, methinks.... (1.00 / 1) (#5)
by pwhysall on Tue May 09, 2000 at 08:18:53 AM EST

pwhysall voted -1 on this story.

MLP, methinks.
K5 Editors
I'm going to wager that the story keeps getting dumped because it is a steaming pile of badly formatted fool-meme.

Re: MLP, methinks.... (none / 0) (#15)
by Anonymous Hero on Wed May 10, 2000 at 01:41:06 AM EST

And MLP is? Mellow Lizard People? Masterful Lounge Pants? Moderate Liquidation Prices? Masterbate, Livelong, Prosper?

[ Parent ]
Re: MLP, methinks.... (none / 0) (#16)
by rusty on Wed May 10, 2000 at 02:20:40 AM EST

"Mindless Link Propagation". Although your suggestions could work too.

Not the real rusty
[ Parent ]
Interesting stuff...but the writeup... (none / 0) (#3)
by Emacs on Tue May 09, 2000 at 08:52:12 AM EST

Emacs voted 1 on this story.

Interesting stuff...but the writeup needs some proof-reading. It looks like someting I would write :)

That's pretty cool, now only to fig... (none / 0) (#7)
by feline on Tue May 09, 2000 at 09:00:25 AM EST

feline voted 1 on this story.

That's pretty cool, now only to figure out how to utilize this in a funner way with my 14.4k modem...

'Hello sir, you don't look like someone who satisfies his wife.'

Re: That's pretty cool, now only to fig... (2.00 / 1) (#17)
by Marcin on Wed May 10, 2000 at 02:23:42 AM EST

That's pretty cool, now only to figure out how to utilize this in a funner way with my 14.4k modem...

Imagine this situation from your ISPs point of view. The modem your modem is connected to at the ISPs end is a thimble. Normally your ISP drops water into your thimble with an eye dropper and you drain your thimble before it fills up.

Now you hack your TCP/IP stack and force the sender to go to a huuge window. Suddenly someone dumps a bucket of water on your ISPs thimble.

You wake up and the sheets are wet. Oh wait, that bit's not relevant ;)

Another cool analogy which I can't remember where I got (Scott Adams?) is "it's like aiming a firehose at a teacup".
[ Parent ]

Fix that quoted paragraph. Then I w... (none / 0) (#1)
by hattig on Tue May 09, 2000 at 09:42:30 AM EST

hattig voted 0 on this story.

Fix that quoted paragraph. Then I will change this FreeBSD TCP/IP stack :-)

Very interesting, but the quote fro... (none / 0) (#6)
by YellowBook on Tue May 09, 2000 at 09:46:00 AM EST

YellowBook voted 1 on this story.

Very interesting, but the quote from the article is messed up.

Not quite as sensational as the wri... (2.00 / 2) (#4)
by fvw on Tue May 09, 2000 at 09:56:42 AM EST

fvw voted 1 on this story.

Not quite as sensational as the writeup claims, but definately an interesting read.

Re: Not quite as sensational as the wri... (none / 0) (#9)
by ramses0 on Tue May 09, 2000 at 12:33:14 PM EST

You must have missed that graph on about the 3rd or 4th page... it shows a nearly vertical line describing "transfer speed" for the file he downloaded.

Imagine if you're driving on a highway, and had a button you could push to make any other car on the road go arbitrarily fast. This guy found a way to request arbitrarily fast file transfers from arbitrary hosts on the internet. This is worse than a DDoS, but he also -invented- a method which makes it possible to track a DDoS route after 100 packets. Oh, this method is also backwards compatible with "dumb" internet routers, who do not need to be upgraded in order to pass this information along.

I thought it was really interesting reading, and don't pretend to understand all of how it's done, but hope for good things in the future from this guy, he seems to have it together.

[ rate all comments , for great justice | sell.com ]
[ Parent ]

Re: Not quite as sensational as the wri... (none / 0) (#14)
by fvw on Tue May 09, 2000 at 07:06:31 PM EST

Yes, definately. Very interesting, and far-going consequences (and I really liked the DoS tracing solution), but I doubt it'll be the end of the internet as we know it. Basicly, if filling the bandwith with this hack is possible, it's also possible with udp/icmp/whatever nontcp garbage you wish to throw at your connection. And I've done that plenty of times :-). And yes, if you're not careful you'll get trouble with your isp. But I doubt it's ever going to be a real problem. Btw, it's interesting to realise that if everybody did get a tcp stack capable of doing this, you'd have what is in essence the prisoners dillema: everybody cooperates , and bandwidth is used as optimal as possible (hmm, whatever). However, everybody is egoistical, and bandwith trouble all round. Or something in between.....

[ Parent ]
BRAIN HURTS. Oh, the pain.... (1.00 / 1) (#2)
by Demona on Tue May 09, 2000 at 10:03:41 AM EST

Demona voted 1 on this story.

BRAIN HURTS. Oh, the pain.

Re: Net hog TCP/IP hack (4.00 / 2) (#8)
by Alhazred on Tue May 09, 2000 at 11:25:09 AM EST


Sounds like some people are going to be doing some more work on IPv6...

Really, I think the answer is going to have to be a new generation of TCP/IP protocol suite. I really don't see how in the long run the net as a whole can afford to tolerate "uncooperative" hosts.
That is not dead which may eternal lie And with strange aeons death itself may die.
How to fix this (4.00 / 3) (#10)
by megacz on Tue May 09, 2000 at 12:38:14 PM EST

  • ack division -- only respond to acks for the last byte of a segment (mentioned in the article)
  • dupacking -- don't expand the window more than once for the same duplicate ack (duh)
  • optimistic acking -- more subtle. Make the first packet sent on a TCP connection of size MTU-rand(10) -- making the odds of guessing the proper MTU 0.1. If you get an ack with a mismatched size, put the sender's IP on a "probation list" for the next few hours and send them packets of widely ranging sizes (MTU-rand(300)), ignoring acks of the wrong size.

Even though it's not hardware-related I posted these solutions (along with a link to arstechnica's story) on lowerbound...

Search pricewatch, streetprices, and others all at once with lowerbound.org (now with discussions!)
Re: Net hog TCP/IP hack (2.00 / 2) (#11)
by evro on Tue May 09, 2000 at 01:47:22 PM EST

If you send an ack for a frame you haven't received, and then that frame is lost/garbled in transit, what do you do? When the sender gets the ack it usually unbuffers the last packet sent so it can't be resent.

Sorry if this is addressed in the article; dont have time to read it now.
"Asking me who to follow -- don't ask me, I don't know!"

Re: Net hog TCP/IP hack (none / 0) (#13)
by Anonymous Hero on Tue May 09, 2000 at 04:48:21 PM EST

If your sole concern is consuming mass quantities of bandwidth, what does it matter if some packets are lost? As I understand it, that's the purpose of this hack.

Kind of a DOS of the connection.

[ Parent ]

Re: Net hog TCP/IP hack (none / 0) (#18)
by Anonymous Hero on Wed May 10, 2000 at 02:15:25 PM EST

You reconnect and use the HTTP Range field to get any missing bits.

[ Parent ]
The write up is a little misleading (4.00 / 1) (#12)
by Rasputin on Tue May 09, 2000 at 02:18:48 PM EST

A very amusing bit, and I do love stupid tricks with TCP ;) However, the methods used to hog the servers attention are a little more involved than just guessing the time between packets. The article in the link is very well written and an amusing read, and it actually covers not only how to do this, but what needs to be done to defend against it.

I'm disappointed that the write up didn't also cover a very good approach to handling the ddos problems. It's in the same article, and (this really shocked me) the author of the article not only used the word `hack` in a sentence, but used it correctly ;)

Stefan Savage actually has a number of papers on his personal site. If they are half as good as the one this article was based on (and I see know reason they shouldn't be) this will make for a very interesting read.

I'll either add an update to this thread or post a new front page article after I finish reading some of the other papers.
Even if you win the rat race, you're still a rat.

Net hog TCP/IP hack | 18 comments (18 topical, 0 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!