Acknowledgement Spoofing at Kernel Level and TCP Sender Behaviour Analysis

  • Srikanth Reddy Duggempudi
  • V. Anil Kumar
  • M. Sethumadhavan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1118)


Congestion control plays a vital role in Transmission Control Protocol through which end-to-end hosts communicate with each other. If any of the end hosts violate the congestion control, it leads to burst out of data at one end resulting in the huge impact of misbehaving with the other well-behaved end host. This typical behaviour might occur both sides, receiver and the sender. In this paper, we explain the attacks performed on the sender by receiver. We analysed the behaviour of the sender by making required modifications for the receiver in the Linux kernel. Through experimented results, we demonstrated the reason behind the typical behaviour of the sender. As we know that the root cause of these attacks is derived from RFC 2581, so the possibility of attack path is more feasible.


Linux Kernel Ack spoofing TCP Memory pressure 


  1. 1.
    Postel, J.: Transmission Control Protocol, RFC 793 (September 1981) Google Scholar
  2. 2.
    Postel, J.: Internet Protocol, RFC 791 (September 1981)Google Scholar
  3. 3.
    Jacobson, V., Karels, M.J.: Congestion avoidance and control. In: Proceedings of the Sigcomm ’88 Symposium, vol. 18, issue no. 4, pp. 314–329. Stanford, CA (August 1988)Google Scholar
  4. 4.
    Savage, S., Cardwell, N., Wetherall, D., Anderson, T.: TCP congestion control with a misbehaving receiver. Comput. Commun. Rev. 29(5), 71–78 (October 1999)Google Scholar
  5. 5.
    Richard Stevens, W.: TCP/IP Illustrated, vol. 1. Addison Wesley (1994)Google Scholar
  6. 6.
    Allman, M., Paxson, V., Stevens, W.: TCP Congestion Control, RFC 2581 (April 1999)Google Scholar
  7. 7.
    Postel, J.: The TCP Maximum Segment Size and Related Topics, RFC 879 (November 1983)Google Scholar
  8. 8.
    Va Nath, H., Gangadharan, K., Sethumadhavan, M.: Reconciliation engine and metric for network vulnerability assessment. In ACM International Conference Proceeding Series, Kerala, pp. 9–21 (2012)Google Scholar
  9. 9.
    Manoj, G.M., Vasudevan, A.R.: D-SCAP: DDoS attack traffic generation using Scapy framework. In: Proceedings of ICBDCC18 (2019).
  10. 10.
    Kumar, A.V., Sisalem, D.: TCP based Denial-of-Service attacks to edge network: analysis and detection, LNCS, vol. 3356. In: Proceedings of 12th International Conference on Advanced Computing and Communication, ADCOM-2004, Springer, pp. 214–223Google Scholar
  11. 11.
    Sherwood, R., Bhattacharjee, B., Braud, R.: Misbehaving TCP receivers can cause internet-wide congestion collapse. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 383–392, Alexandria, VA, USA, November 07–11 (2005)Google Scholar
  12. 12.
    Anil Kumar, V., Jayalekshmy, P.S., Patra, G.K., Thangavelu, R.P.: On remote exploitation of TCP sender for low-rate flooding denial-of-service attack. IEEE Commun. Lett. 13(1), 46–48 (2009)Google Scholar
  13. 13.
  14. 14.
  15. 15.
    Ftrace Tool for tracing kernel Functions.
  16. 16.
    Arai, B., Baron, C.: ACK Spoofing via the Linux Kernel (2005) Google Scholar
  17. 17.
    Format Specifier for kernel source code debugging.
  18. 18.
  19. 19.
  20. 20.

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Srikanth Reddy Duggempudi
    • 1
  • V. Anil Kumar
    • 2
  • M. Sethumadhavan
    • 1
  1. 1.TIFAC-CORE in Cyber Security Amrita School of Engineering Amrita Vishwa VidyapeethamCoimbatoreIndia
  2. 2.CSIR Fourth Paradigm InstituteBangaloreIndia

Personalised recommendations