Conference: ICISCI 2011; International conference on information systems and computational intelligence

Towards Congestion Control in Mobile Devices by Combating TCP Based Attacks

Abstract

Several solutions exist for congestion control in low-bandwidth mobile devices, among them the packet drop policy. This paper proposes a different approach to the same problem: combating TCP-based attacks. The firewall verifies the validity of a client before the client is allowed to connect to the network. A client sends a SYN request to the TCP server through the firewall, and the firewall sends a SYN/ACK with a wrong sequence number to the client. The client sends an RST, which the firewall checks to see whether the sequence numbers match before forwarding the SYN request to the server. The server returns a SYN/ACK to the client through the firewall. An ACK from the client is held by the firewall, awaiting a retransmission of the same ACK. The firewall then checks the sequence numbers of the SYN, the RST and the two ACKs. If they match, the client is allowed to connect to the network; otherwise the firewall uses the suggested Drop Invalid Mechanism (DIM) to ask the server to release all the resources associated with this client. The firewall uses a timer while waiting for the RST and for the second ACK; a client that exceeds the set time is deemed invalid and is dropped before a connection is established. The results from the tools used in the analysis show that the delay caused by this verification is only microseconds, a cost outweighed by the benefit of reducing congestion in the network.
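The verification sequence in the abstract can be modelled as a per-client state machine on the firewall. The following is an added example, not code from the paper. Assumptions: the class, state and verdict names and the 1-second timeout are hypothetical, the "wrong" value is carried in the acknowledgment field of the firewall's SYN/ACK so that a real client's RST echoes it as its sequence number (RFC 793 behaviour), and the two ACKs must be identical.

```python
INF = float("inf")
M = 2**32  # TCP sequence numbers wrap modulo 2^32

class HandshakeVerifier:
    """Firewall state for one client SYN (constructed model, not the paper's code)."""

    def __init__(self, now, client_isn, bogus_ack, timeout=1.0):
        self.client_isn = client_isn
        self.bogus_ack = bogus_ack     # wrong value placed in the firewall's SYN/ACK
        self.timeout = timeout         # assumed value; the abstract gives none
        self.deadline = now + timeout  # timer 1: waiting for the RST
        self.state = "WAIT_RST"
        self.server_isn = None
        self.held = None               # first ACK, held until it is retransmitted

    def _reject(self):
        # The server holds state only once the SYN was forwarded, so DIM applies from then on.
        verdict = "DROP" if self.state == "WAIT_RST" else "DIM"
        self.state = "REJECTED"
        return verdict

    def tick(self, now):
        """Timer check when no packet has arrived from the client."""
        if self.state not in ("VALID", "REJECTED") and now > self.deadline:
            return self._reject()
        return None

    def on_server_synack(self, server_isn):
        self.server_isn = server_isn

    def on_client(self, now, flags, seq, ack=0):
        if self.state in ("VALID", "REJECTED"):
            return self.state
        if now > self.deadline:
            return self._reject()
        if self.state == "WAIT_RST" and flags == "RST" and seq == self.bogus_ack:
            self.state, self.deadline = "WAIT_ACK1", INF
            return "FORWARD_SYN"
        if flags == "ACK" and self.server_isn is not None:
            good = (seq, ack) == ((self.client_isn + 1) % M, (self.server_isn + 1) % M)
            if self.state == "WAIT_ACK1" and good:
                self.held = (seq, ack)
                self.state, self.deadline = "WAIT_ACK2", now + self.timeout  # timer 2
                return "HOLD"
            if self.state == "WAIT_ACK2" and (seq, ack) == self.held:
                self.state = "VALID"
                return "ALLOW"
        return self._reject()
```

A source that never answers the bogus SYN/ACK is rejected with `DROP` before the server sees anything; a failure after the SYN was forwarded yields `DIM`, the point at which the server must be told to release its half-open state.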
