Evan Daniel wrote:

> At least for the near term future, and probably longer, we need an
> answer other than TCP because of ugliness like Comcast's Sandvine
> hardware. Forged TCP reset packets are non-trivial to deal with, but
> the equivalent problem doesn't even exist for UDP.

True, UDP is more robust than TCP against this particular attack, but that just means the next logical step in the P2P vs ISP arms race is for all the P2P apps to move to UDP, and then the ISPs will just start throttling UDP instead of forging RSTs. Ultimately, if your ISP doesn't want to carry your traffic, they won't carry it.

> Also, most consumer-level NATs are probably old devices that won't be
> upgraded any time soon. Remember, we want to handle an average user's
> NAT well, even if they can't / won't change the settings when Freenet
> asks them to.

Legacy NATs are definitely a problem, but I'm not sure they're a bigger problem for TCP than UDP - AFAIK most legacy NATs that allow UDP hole-punching also allow TCP hole-punching (I could be wrong about this, but I thought the STUNT developers got NAT traversal success rates that were comparable to UDP).

Cheers,
Michael
