Interesting People mailing list archives
Interesting query re: Comcast forging RSTs again (and now SYN/ACKs)?
From: David Farber <dave () farber net>
Date: Tue, 8 Apr 2008 03:03:46 -0700
________________________________________
From: Brett Glass [brett () lariat net]
Sent: Monday, April 07, 2008 11:15 PM
To: David Farber; ip
Subject: Re: [IP] Comcast forging RSTs again (and now SYN/ACKs)?

David:

It appears that the student experimenters at CU designed their experiment very poorly and then jumped to conclusions about the results.

Firstly, they launched a "SYN flood" -- which any good intrusion detection system will see as a "bot" and/or a direct DoS attack. Comcast would have been well justified in cutting them off altogether as a result of this behavior. But instead, it appears that their traffic management system imposes a TCP connection limit (a reasonable thing to do, especially on a connection that uses NAT and might otherwise overflow the router's session tables). When it saw too many SYNs, it began to block new connections. Not an unreasonable thing to do.

Secondly, the students tried to connect to a Web server at a nonexistent address. Many ISPs perform transparent Web caching, and a transparent Web proxy handles this situation by fielding the connection and trying to contact the destination host. If it fails to do so, it can either send back its own error message or simply send a RST (which results in the same browser error message that would occur if there were no proxy). This is the normal behavior of a device which speeds Web browsing and hence is consumer-friendly, and certainly should not be a basis for bashing Comcast.

Finally, they claim that they have "observed" a shift in Comcast network management policy, even though they did no tests before Comcast claimed to be changing that policy. Without a control in their experiment, how can they credibly make such a statement?

--Brett Glass