5. Security Considerations
Performance Attacks
This document requires a TCP to diminish its sending rate in the presence of retransmission timeouts and the arrival of duplicate acknowledgments. An attacker can therefore impair the performance of a TCP connection by either:
- Causing data packets or their acknowledgments to be lost, or
- Forging excessive duplicate acknowledgments.
ACK Division Attack
In response to the ACK division attack outlined in [SCWA99], this document RECOMMENDS increasing the congestion window based on the number of bytes newly acknowledged in each arriving ACK rather than by a particular constant on each arriving ACK (as outlined in section 3.1).
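The following added example (not part of the original document or of any TCP implementation) compares the two slow-start policies named above when a receiver acknowledges each full-size segment in several partial ACKs. The function names, the 1460-byte SMSS and the omission of ssthresh are assumptions made for illustration; the byte-counting increment is the min(N, SMSS) rule of section 3.1.

```c
#include <stdint.h>
#include <stdio.h>

#define SMSS 1460u /* assumed sender maximum segment size, in bytes */

typedef uint32_t (*ack_policy)(uint32_t cwnd, uint32_t newly_acked);

/* Constant-per-ACK policy: any ACK covering new data adds one SMSS. */
static uint32_t on_ack_per_ack(uint32_t cwnd, uint32_t newly_acked)
{
    return newly_acked > 0 ? cwnd + SMSS : cwnd;
}

/* Byte-counting policy: add the bytes newly acknowledged, capped at SMSS. */
static uint32_t on_ack_byte_count(uint32_t cwnd, uint32_t newly_acked)
{
    return cwnd + (newly_acked < SMSS ? newly_acked : SMSS);
}

/* Slow-start cwnd after `segments` full-size segments are acknowledged,
 * each one split into `pieces` partial ACKs (constructed ACK stream). */
static uint32_t cwnd_after(uint32_t cwnd, unsigned segments, unsigned pieces,
                           ack_policy policy)
{
    for (unsigned s = 0; s < segments; s++) {
        uint32_t remaining = SMSS;
        for (unsigned p = 0; p < pieces; p++) {
            /* The last piece takes the remainder so pieces sum to SMSS. */
            uint32_t n = (p == pieces - 1) ? remaining : SMSS / pieces;
            remaining -= n;
            cwnd = policy(cwnd, n);
        }
    }
    return cwnd;
}

int main(void)
{
    const uint32_t initial = 2 * SMSS;
    for (unsigned pieces = 1; pieces <= 10; pieces += 9) {
        printf("pieces=%2u  per-ACK cwnd=%6u  byte-count cwnd=%6u\n", pieces,
               (unsigned)cwnd_after(initial, 2, pieces, on_ack_per_ack),
               (unsigned)cwnd_after(initial, 2, pieces, on_ack_byte_count));
    }
    return 0;
}
```

With byte counting the window after two acknowledged segments is the same whether each segment is acknowledged once or in ten pieces, which is the property the recommendation relies on.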
Congestion Collapse Risk
The Internet, to a considerable degree, relies on the correct implementation of these algorithms in order to preserve network stability and avoid congestion collapse.
An attacker could cause TCP endpoints to respond more aggressively in the face of congestion by forging excessive duplicate acknowledgments or excessive acknowledgments for new data. Conceivably, such an attack could drive a portion of the network into congestion collapse.