RFC 5961, "Improving TCP's Robustness to Blind In-Window Attacks", August 2010Source of RFC: tcpm (tsv)
Errata ID: 4772
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Stéphane Bortzmeyer
Date Reported: 2016-08-10
Held for Document Update by: Mirja Kühlewind
Date Held: 2016-09-12
Section 7 says:
[The entire section]
It should say:
No suggested text because it requires a much more serious analysis. May be adding that the rate-limit counter SHOULD be per-connection, in the spirit of RFC 6528?
It appears the section does not specify that the counter for ACK throttling SHOULD be per-connection. In Linux, it is apparently global, which allowed its use as a side channel enabling nasty attacks (CVE-2016-5696 and the paper "Off-Path TCP Exploits: Global Rate Limit Considered Dangerous" <http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf>).
Also see discussion on tcpm list about this reported errata!