On Monday 10 March 2008 14:20, NextGen$ wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2008-03-10 13:57:28]:
>
> > On Saturday 08 March 2008 14:30, Michael Rogers wrote:
> > > Evan Daniel wrote:
> > > > At least for the near term future, and probably longer, we need an
> > > > answer other than TCP because of ugliness like Comcast's Sandvine
> > > > hardware. Forged TCP reset packets are non-trivial to deal with, but
> > > > the equivalent problem doesn't even exist for UDP.
> > >
> > > True, UDP is more robust than TCP against this particular attack, but
> > > that just means the next logical step in the P2P vs ISP arms race is for
> > > all the P2P apps to move to UDP, and then the ISPs will just start
> > > throttling UDP instead of forging RSTs. Ultimately if your ISP doesn't
> > > want to carry your traffic, they won't carry it.
> >
> > Sure. But it will cost them. RSTs are trivial. The Golden Shield uses RSTs for
> > example, rather than remembering which streams it wants to kill. Because
> > statefully killing streams would cost many times more.
>
> Send any "hard" ICMP error and you're done killing it ;)

Hmmm?

> > Throttling UDP
> > likewise would cause other problems: it would slow down skype dramatically,
> > alienating a lot of users, so they'd need to put more hardware in to detect
> > skype...
>
> Skype can work over TCP if UDP is blocked.

What if it's not blocked but slow?