[freenet-dev] Packet size proposal
NextGen$
nextgens at freenetproject.org
Mon Mar 10 14:20:32 UTC 2008
* Matthew Toseland <toad at amphibian.dyndns.org> [2008-03-10 13:57:28]:
> On Saturday 08 March 2008 14:30, Michael Rogers wrote:
> > Evan Daniel wrote:
> > > At least for the near term future, and probably longer, we need an
> > > answer other than TCP because of ugliness like Comcast's Sandvine
> > > hardware. Forged TCP reset packets are non-trivial to deal with, but
> > > the equivalent problem doesn't even exist for UDP.
> >
> > True, UDP is more robust than TCP against this particular attack, but
> > that just means the next logical step in the P2P vs ISP arms race is for
> > all the P2P apps to move to UDP, and then the ISPs will just start
> > throttling UDP instead of forging RSTs. Ultimately if your ISP doesn't
> > want to carry your traffic, they won't carry it.
>
> Sure. But it will cost them. RSTs are trivial. The Golden Shield uses RSTs for
> example, rather than remembering which streams it wants to kill. Because
> statefully killing streams would cost many times more.

Send any "hard" ICMP error and you're done killing it ;)

> Throttling UDP
> likewise would cause other problems: it would slow down Skype dramatically,
> alienating a lot of users, so they'd need to put more hardware in to detect
> Skype...

Skype can work over TCP if UDP is blocked.

NextGen$