Thread: RFC 4953 on Defending TCP Against Spoofing Attacks




United States
2007-07-30 20:03:31
A new Request for Comments is now available in online RFC
libraries.

        
        RFC 4953

        Title:      Defending TCP Against Spoofing Attacks 
        Author:     J. Touch
        Status:     Informational
        Date:       July 2007
        Mailbox:    touch@isi.edu
        Pages:      28
        Characters: 72756
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-tcpm-tcp-antispoof-06.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4953.txt

Recent analysis of potential attacks on core Internet infrastructure
indicates an increased vulnerability of TCP connections to spurious
resets (RSTs), sent with forged IP source addresses (spoofing).  TCP
has always been susceptible to such RST spoofing attacks, which were
indirectly protected by checking that the RST sequence number was
inside the current receive window, as well as via the obfuscation of
TCP endpoint and port numbers.  For pairs of well-known endpoints
often over predictable port pairs, such as BGP or between web servers
and well-known large-scale caches, increases in the path
bandwidth-delay product of a connection have sufficiently increased
the receive window space that off-path third parties can brute-force
generate a viable RST sequence number.  The susceptibility to attack
increases with the square of the bandwidth, and thus presents a
significant vulnerability for recent high-speed networks.  This
document addresses this vulnerability, discussing proposed solutions
at the transport level and their inherent challenges, as well as
existing network level solutions and the feasibility of their
deployment.  This document focuses on vulnerabilities due to spoofed
TCP segments, and includes a discussion of related ICMP spoofing
attacks on TCP connections.  This memo provides information for the
Internet community.

This document is a product of the TCP Maintenance and Minor Extensions
Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind.  Distribution
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be added to or
deleted from the RFC-DIST distribution list should be sent to
RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body

help: ways_to_get_rfcs. For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


The RFC Editor Team
USC/Information Sciences Institute

...


_______________________________________________
rfc-dist mailing list
rfc-dist@mailman.rfc-editor.org
http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
http://www.rfc-editor.org

