ECN attacks #2163

Closed
ekr opened this issue Dec 13, 2018 · 4 comments
Labels: -transport, editorial (An issue that does not affect the design of the protocol; does not require consensus.)

@ekr
Collaborator

ekr commented Dec 13, 2018

S 21.7

An on-the-side attacker can duplicate and send packets with modified ECN
codepoints to affect the sender's rate.  If duplicate packets are discarded by a
receiver, an off-path attacker will need to race the duplicate packet against
the original to be successful in this attack.  Therefore, QUIC receivers ignore
ECN codepoints set in duplicate packets (see {{ecn}}).

This could use more elaboration. As written, it seems like if you win the race (which you might like half the time) then you will succeed in the attack. Is that true?

martinthomson added the editorial and -transport labels Dec 14, 2018
@martinthomson
Member

Yes, the winner of a race can reduce the congestion window or maybe prevent it from being reduced.

mnot added this to Editorial Issues in Late Stage Processing Feb 27, 2019
@gorryfair
Contributor

As I see this: QUIC receivers ignore the ECN codepoint field received in IP packets that carry duplicate QUIC packets (see {{ecn}}).

martinthomson added a commit that referenced this issue May 22, 2019
@gorryfair made a good suggestion in #2163, which I have taken and
tweaked further.  It is not sufficient to discard ECN if one QUIC packet
is discarded, you need to discard ALL QUIC packets in the IP packet.
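
The receiver-side rule from the commit message above, as an added example that is not part of the original thread or the QUIC project's code. It assumes the commit means ignoring the ECN codepoint for every QUIC packet coalesced in an IP packet that carries any duplicate, that counters are kept per packet number space, and that fresh packets in such an IP packet are still processed; `Datagram`, `EcnReceiver` and `replay` are hypothetical names.

```python
# Added example: every name here (Datagram, EcnReceiver, replay) is hypothetical.
from dataclasses import dataclass, field

NOT_ECT, ECT1, ECT0, CE = 0b00, 0b01, 0b10, 0b11  # ECN field values from the IP header


@dataclass
class Datagram:
    ecn: int        # ECN codepoint on the IP packet
    packets: list   # coalesced QUIC packets as (packet_number_space, packet_number)


@dataclass
class EcnReceiver:
    seen: set = field(default_factory=set)      # QUIC packets already processed
    counts: dict = field(default_factory=dict)  # assumed layout: space -> {codepoint: n}

    def receive(self, dgram):
        """Process one IP packet; return True if its ECN codepoint was counted."""
        unique = list(dict.fromkeys(dgram.packets))
        # Judge the IP packet as a whole: one duplicate QUIC packet anywhere in it
        # means the codepoint is ignored for every QUIC packet it carries.
        tainted = len(unique) != len(dgram.packets) or any(p in self.seen for p in unique)
        fresh = [p for p in unique if p not in self.seen]
        self.seen.update(fresh)  # assumption: fresh packets are still processed
        if tainted or dgram.ecn == NOT_ECT:
            return False
        for space, _pn in fresh:
            per_space = self.counts.setdefault(space, {ECT0: 0, ECT1: 0, CE: 0})
            per_space[dgram.ecn] += 1
        return True


def replay(datagrams):
    """Feed constructed datagrams to a new receiver; return (decisions, counts)."""
    rx = EcnReceiver()
    return [rx.receive(d) for d in datagrams], rx.counts


# Constructed sample input: a genuine ECT(0) datagram and a copy re-marked CE.
GENUINE = Datagram(ECT0, [("initial", 0), ("handshake", 0)])
COPY_CE = Datagram(CE, [("initial", 0), ("handshake", 0)])
# Constructed: a CE-marked datagram mixing a duplicate with a fresh packet.
MIXED_CE = Datagram(CE, [("handshake", 0), ("handshake", 1)])

if __name__ == "__main__":
    print(replay([GENUINE, COPY_CE, MIXED_CE]))  # both CE markings ignored
    print(replay([COPY_CE, GENUINE]))            # copy arrived first: CE is counted
```

The second replay is the residual case raised in the thread: a copy that arrives first is counted, and the genuine packet is then the one whose codepoint is ignored.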
@gloinul
Contributor

gloinul commented Jul 23, 2019

So @ekr is this resolved or do you expect more than what Martin wrote?

@martinthomson
Member

I think that I can make that call now. If there is a problem, we can open an issue.

Late Stage Processing automation moved this from Editorial Issues to Text Incorporated Aug 26, 2019