Low Rate TCP-Targeted DoS Attack



Explanation


The ns-3 simulation was run for 100 seconds, and observations were recorded using the following parameters:

Burst duration (s)    Attacker's rate (Kb/s)
0.15                  12000
0.25                  7000
0.20                  12000

The graph indicates that the effectiveness of the attack does not increase with the attacker’s average rate. Most critically, there are two “nulls” in the frequency response at which TCP throughput becomes almost zero. In particular, throughput is lowest when:


The physical interpretation of the graph is as follows:
If the attacker creates outages with a period of minRTO, TCP traffic is completely denied service. Once the brief outage occurs, all flows time out simultaneously. When their timeout expires after minRTO seconds and they transmit packets again, the attacker creates another outage, so the flows back off again. Clearly, the most attractive period for a DoS attacker is minRTO, since it is the null frequency that minimizes the DoS flow’s average rate. When T > minRTO, as the period of the attack increases, the TCP flows obtain increasingly higher throughput during the intervals between the expiration of their retransmission timers and the subsequent DoS outage.
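
The timeout behaviour described above can be reproduced with a small model of one flow's retransmission timer. This is an added example, not part of the original page or its ns-3 script. It assumes minRTO = 1 s, a 60 s RTO cap, and that every outage drops the flow's whole window. The 0.15 s burst and 100 s run length are taken from the parameters above, and the function names are illustrative.

```python
# Added example: simplified timeout model of one TCP flow under periodic outages.
# Assumptions (not from the page): minRTO = 1 s, max RTO = 60 s, every outage
# drops the flow's whole window, and the flow sends whenever it is not waiting.

def throughput_fraction(period_ms, burst_ms=150, min_rto_ms=1000,
                        max_rto_ms=60_000, sim_ms=100_000):
    """Fraction of the run during which the flow is able to send.

    Outages start at 0, period_ms, 2*period_ms, ... and last burst_ms each.
    Times are integer milliseconds so the modulo test is exact.
    """
    t = 0                    # time of the most recent loss (first outage at 0)
    rto = min_rto_ms
    sending_ms = 0
    while t < sim_ms:
        retry = t + rto                       # retransmission timer expires
        if retry >= sim_ms:
            break
        if retry % period_ms < burst_ms:      # retransmission lands in an outage
            t = retry
            rto = min(2 * rto, max_rto_ms)    # exponential backoff
            continue
        # Retransmission gets through: RTO resets and the flow sends until
        # the next outage begins.
        next_outage = (retry // period_ms + 1) * period_ms
        sending_ms += min(next_outage, sim_ms) - retry
        t = next_outage
        rto = min_rto_ms
    return sending_ms / sim_ms


def sweep(periods_ms, **kw):
    """Map each outage period (ms) to the flow's throughput fraction."""
    return {p: throughput_fraction(p, **kw) for p in periods_ms}


if __name__ == "__main__":
    for period, frac in sweep([1000, 1500, 2000, 4000]).items():
        print(f"T = {period / 1000:.1f} s  ->  throughput fraction {frac:.2f}")
```

In this model the flow is starved when the period equals minRTO, and for longer periods the sending fraction grows as (T − minRTO)/T, matching the interpretation above.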