[e2e] TCP DoS by manipulating flow-control with fake ACKs?

Luke Gorrie luke at bluetail.com
Mon Aug 12 09:57:48 PDT 2002


Ahoy,

I'm wondering if there's any literature or folklore about
denial-of-service attacks based on manipulating TCP flow control
information to make a remote host waste all of its bandwidth. What I
have in mind is rapidly generating TCP ACKs for data that you haven't
received but predict has been sent, to create the illusion that you
are receiving packets extremely fast and that none are being lost.

For example:

1. Connect to a webserver and start downloading a large file.
2. Send ACKs as rapidly as possible, incrementing the acknowledged
   sequence number by K*MSS each time for some constant K.
3. Start again after you get a FIN, RST, etc.

It looks to me like the remote host might reasonably respond with K
full-size segments to every small ACK you send it, independent of any
downstream congestion, and thus run out of resources.

I'd be grateful for any references or other information.

Cheers!
Luke
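
A sender-side check for the ACK pattern asked about above, as an added example that is not part of the original post or of any real TCP stack. Every name in it is hypothetical, and the min_rtt/2 threshold is an assumption of this example: it rejects ACKs for unsent data (the RFC 793 rule) and flags ACKs that cover a segment sooner than a round trip could plausibly allow.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example; all names are hypothetical, not from any real TCP stack. */
enum ack_verdict { ACK_OK, ACK_BEYOND_SENT, ACK_TOO_EARLY };

struct sent_seg { uint32_t end_seq; uint64_t sent_us; }; /* seq past last byte, tx time */

struct conn {
    uint32_t snd_una, snd_nxt;    /* oldest unacked byte, next byte to send */
    uint64_t min_rtt_us;          /* smallest RTT measured so far */
    const struct sent_seg *segs;  /* in-flight segments, oldest first */
    size_t nsegs;
};

/* Wraparound-safe "a is after b" for 32-bit sequence numbers. */
static int seq_after(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }

enum ack_verdict check_ack(const struct conn *c, uint32_t ack, uint64_t now_us)
{
    if (seq_after(ack, c->snd_nxt))      /* RFC 793: ACK for unsent data */
        return ACK_BEYOND_SENT;
    for (size_t i = 0; i < c->nsegs; i++) {
        const struct sent_seg *s = &c->segs[i];
        if (seq_after(s->end_seq, ack))
            break;                       /* not covered by this ACK */
        /* Heuristic (assumption): no honest ACK returns in under min_rtt/2. */
        if (now_us - s->sent_us < c->min_rtt_us / 2)
            return ACK_TOO_EARLY;
    }
    return ACK_OK;
}

/* Constructed sample: four 1460-byte segments sent 100 us apart, 40 ms RTT. */
enum ack_verdict sample(uint32_t ack, uint64_t now_us)
{
    static const struct sent_seg segs[] = {
        {2460, 100000}, {3920, 100100}, {5380, 100200}, {6840, 100300} };
    struct conn c = { 1000, 6840, 40000, segs, 4 };
    return check_ack(&c, ack, now_us);
}

int main(void)
{
    printf("%d %d %d\n", sample(2460, 141000), sample(6840, 101000),
           sample(8300, 141000));
    return 0;
}
```

The timing check only catches ACKs that arrive implausibly early; an ACK stream paced at or above the measured round-trip time passes it.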