Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!MATHOM.CISCO.COM!BILLW
From: BILLW@MATHOM.CISCO.COM (William "Chops" Westfield)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: TCP Spoofing...
Message-ID: <12653499834.15.BILLW@mathom.cisco.com>
Date: 13 Jan 91 06:30:33 GMT
References: <29806@shamash.cdc.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 22

Regardless of the "legality" of TCP ACK spoofing, I still claim that
it is not useful to do so.  Especially in the situations originally
brought up (speeding up transport on slow modems, similar to telebit's
kermit, modem, and uucp spoofing).  The windowing inherent in TCP makes
ACK spoofing in these situations unnecessary, since the ACK return time
is not the limiting factor in the end-to-end throughput.

    My point is that the scope of the TCP acknowledgement is limited
    to the TCP protocol.  This feature is merely a tool used by TCP to
    provide the guaranteed data delivery mechanism.

The first sentence is true, the second is most certainly not.  The round
trip time (calculated based on the time to get an ACK) is used to
determine retransmission intervals, and in newer (Van Jacobson) TCPs, to
estimate the effective bandwidth of the network connection, so that
network congestion can be avoided.

By spoofing ACKs, you gain very little, and lose a great deal.

Bill Westfield
cisco Systems.
-------
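
The dependence of the retransmission timer on ACK timing, described in the post above, as an added example that is not part of the original post: it feeds the same estimator once with end-to-end RTT samples and once with the RTT a sender would measure if a local box answered with spoofed ACKs. Assumptions: the estimator uses the constants later standardized in RFC 6298 for Van Jacobson's algorithm, with no minimum RTO or clock granularity; all sample values and the window size are constructed; window/SRTT is used only as a rough proxy for the path bandwidth the sender infers.

```python
# Added illustration: how ACK timing drives a TCP sender's view of the path.
# Estimator form and constants follow RFC 6298 (Jacobson's algorithm);
# the minimum-RTO floor and clock granularity are omitted (assumption).
ALPHA = 1 / 8   # gain for the smoothed RTT
BETA = 1 / 4    # gain for the RTT variation
K = 4           # variation multiplier in the RTO

def estimate(samples):
    """Feed RTT samples (seconds); return (srtt, rttvar, rto)."""
    it = iter(samples)
    first = next(it)
    srtt, rttvar = first, first / 2          # first-measurement rule
    for r in it:
        rttvar = (1 - BETA) * rttvar + BETA * abs(srtt - r)
        srtt = (1 - ALPHA) * srtt + ALPHA * r
    return srtt, rttvar, srtt + K * rttvar

def apparent_bandwidth(window_bytes, srtt):
    """Rough bytes/second the sender believes the path sustains."""
    return window_bytes / srtt

# Constructed samples: a slow modem path versus a local ACK-spoofing box.
END_TO_END = [2.0, 2.1, 1.9, 2.3, 2.0, 2.2, 1.95, 2.05]
SPOOFED = [0.005, 0.006, 0.005, 0.004, 0.005, 0.006, 0.005, 0.005]
WINDOW = 4096  # bytes, constructed

def compare():
    """Summarize what the sender infers under each kind of ACK."""
    out = {}
    for name, samples in (("end_to_end", END_TO_END), ("spoofed", SPOOFED)):
        srtt, rttvar, rto = estimate(samples)
        out[name] = {
            "srtt": srtt,
            "rto": rto,
            "apparent_bw": apparent_bandwidth(WINDOW, srtt),
            # Does the timer still cover the real path delay?
            "rto_covers_path": rto > max(END_TO_END),
        }
    return out

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:11s} srtt={row['srtt']:.4f}s rto={row['rto']:.4f}s "
              f"bw~{row['apparent_bw']:.0f} B/s covers_path={row['rto_covers_path']}")
```

With spoofed ACKs the timer and the bandwidth estimate describe the hop to the spoofing box, not the modem path behind it.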