Monday, March 1, 2010

ICMP Source Quench

As with most PhD students, I have learned to run before crawling, meaning that I have worked on many systems in IP networking and P2P without having expert knowledge in either field. To address this, I have begun a reading crusade, starting with a massive 1500-page book describing TCP: The TCP/IP Guide.

While reading it, I came across something that struck me... ICMP, or Internet Control Message Protocol, has a feature known as source quench. Basically, it tells the receiver of the ICMP message to slow down, and the message must include the first 8 bytes past the IP header of a packet that the receiver sent. In UDP this means the entire header (ports, length, and checksum), while in TCP this is a smaller portion of the header (ports and sequence number). What struck me as odd was that nowhere in the book did it describe how widely deployed this feature is or what attacks it might make possible.

So I turned to Google... and found this lengthy document. The basic summary was that most systems seem to have disabled TCP support for ICMP source quench, but what about UDP? I also found that it appears at least Windows CE does support ICMP source quench.

What interests me is which OSes actually support this for UDP and TCP, and whether they verify the UDP and TCP header mappings before reacting. Can users in a P2P system like Gnutella or BitTorrent who are downloading a file attack the sender of the data to slow down the rate at which he shares the files with others and thus improve their own bandwidth? I couldn't find any papers on Google or ACM; maybe this will be a neat little side trip for me.
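To make the "verify the header mappings" question concrete, here is an added example (not from the original post or from any OS's stack) of the check a receiving host could run before reacting to a Source Quench: parse the quoted 8 bytes and match them against a packet it actually has outstanding. The `local_flows` table, the function names and the sample addresses and ports are assumptions made for illustration.

```python
import socket
import struct

ICMP_SOURCE_QUENCH, TCP = 4, 6      # RFC 792 type 4 (code 0); IP protocol 6

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_source_quench(icmp: bytes):
    """Return the flow quoted in a Source Quench message, or None if malformed."""
    if (len(icmp) < 8 + 20 + 8 or icmp[0] != ICMP_SOURCE_QUENCH
            or icmp[1] != 0 or inet_checksum(icmp) != 0):
        return None
    inner = icmp[8:]                 # quoted IP header + first 8 bytes after it
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    l4 = inner[ihl:ihl + 8]
    sport, dport = struct.unpack("!HH", l4[:4])
    flow = {"proto": inner[9], "src": socket.inet_ntoa(inner[12:16]),
            "dst": socket.inet_ntoa(inner[16:20]), "sport": sport, "dport": dport}
    if flow["proto"] == TCP:
        flow["seq"] = struct.unpack("!I", l4[4:])[0]
    return flow

def should_honor(flow, local_flows) -> bool:
    """local_flows (hypothetical): 5-tuple -> (snd_una, snd_nxt) for TCP, None for UDP."""
    if flow is None:
        return False
    key = (flow["proto"], flow["src"], flow["sport"], flow["dst"], flow["dport"])
    if key not in local_flows:
        return False                 # we never sent a packet on this flow
    if flow["proto"] == TCP:         # quoted seq must be unacknowledged, in-flight data
        una, nxt = local_flows[key]
        return (flow["seq"] - una) % 2**32 < (nxt - una) % 2**32
    return True                      # UDP: the ports are all there is to check

def sample_quench(proto: int, last4: bytes) -> bytes:
    """Constructed sample quoting a packet 192.0.2.10:51000 -> 198.51.100.7:6881."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    msg = (struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0) + ip
           + struct.pack("!HH", 51000, 6881) + last4)
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]
```

The asymmetry is visible in `should_honor`: for TCP the quoted sequence number gives something beyond the ports to validate, while for UDP the quoted bytes carry nothing that ties the message to a specific packet. RFC 6633 (2012) later deprecated Source Quench outright, recommending that hosts ignore it.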