* Matthew Toseland <toad at amphibian.dyndns.org> [2008-03-10 13:57:28]:

> On Saturday 08 March 2008 14:30, Michael Rogers wrote:
> > Evan Daniel wrote:
> > > At least for the near term future, and probably longer, we need an
> > > answer other than TCP because of ugliness like Comcast's Sandvine
> > > hardware.  Forged TCP reset packets are non-trivial to deal with, but
> > > the equivalent problem doesn't even exist for UDP.
> > 
> > True, UDP is more robust than TCP against this particular attack, but 
> > that just means the next logical step in the P2P vs ISP arms race is for 
> > all the P2P apps to move to UDP, and then the ISPs will just start 
> > throttling UDP instead of forging RSTs. Ultimately if your ISP doesn't 
> > want to carry your traffic, they won't carry it.
> 
> Sure. But it will cost them. RSTs are trivial. The Golden Shield uses RSTs for 
> example, rather than remembering which streams it wants to kill. Because 
> statefully killing streams would cost many times more. 

Send any "hard" ICMP error and you're done killing it ;)

> Throttling UDP 
> likewise would cause other problems: it would slow down Skype dramatically, 
> alienating a lot of users, so they'd need to put more hardware in to detect 
> Skype...

Skype can work over TCP if UDP is blocked.

NextGen$
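To make the "hard ICMP error" remark concrete from the receiving host's side, here is an added example (not from this thread or from Freenet) that parses an ICMP error, recovers the TCP connection it quotes, and classifies it per RFC 1122 section 4.2.3.9 as hard (connection-aborting) or soft. The sample packet and the connection table are constructed; checksums are not verified.

```python
import struct
from dataclasses import dataclass

@dataclass
class IcmpError:
    icmp_type: int
    code: int
    src: str       # sender of the quoted TCP segment, i.e. the host that receives this error
    sport: int
    dst: str
    dport: int
    severity: str  # "hard", "soft" or "other"

def classify(icmp_type: int, code: int) -> str:
    """RFC 1122 s4.2.3.9: hard errors abort the TCP connection, soft ones only get reported."""
    if icmp_type == 3:                       # Destination Unreachable
        if code in (2, 3):                   # protocol / port unreachable
            return "hard"
        if code == 4:                        # fragmentation needed: PMTU signal (RFC 1191), not an abort
            return "other"
        if code in (0, 1, 5):                # net / host / source-route unreachable
            return "soft"
    if icmp_type == 12:                      # Parameter Problem
        return "hard"
    if icmp_type in (4, 11):                 # Source Quench, Time Exceeded
        return "soft"
    return "other"

def parse_icmp_error(icmp: bytes) -> IcmpError:
    """Parse ICMP header + quoted IPv4 header + first 8 bytes of the quoted TCP header."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to quote an IPv4+TCP header")
    icmp_type, code = icmp[0], icmp[1]
    inner = icmp[8:]                         # the offending datagram, as quoted by the router
    ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 6:
        raise ValueError("quoted datagram is not TCP")
    src = ".".join(str(b) for b in inner[12:16])
    dst = ".".join(str(b) for b in inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return IcmpError(icmp_type, code, src, sport, dst, dport, classify(icmp_type, code))

def is_suspicious(err: IcmpError, established: set) -> bool:
    """A hard error naming a connection we know is established is worth alerting on."""
    return err.severity == "hard" and (err.src, err.sport, err.dst, err.dport) in established

# Constructed sample: port-unreachable quoting a segment from 10.0.0.5:40000 to 192.0.2.10:1080.
_inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                        bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
SAMPLE = struct.pack("!BBHI", 3, 3, 0, 0) + _inner_ip + struct.pack("!HHI", 40000, 1080, 1)
```

The classification is the RFC 1122 behaviour the thread is arguing about; stacks that follow RFC 5927 treat these errors as soft once a connection is established, which is the usual mitigation.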
