IETF Logo Mail Archive

Re: Security Assessment of the Transmission Control Protocol (TCP)

Lars Eggert <lars.eggert@nokia.com> Sat, 14 February 2009 10:01 UTC

Return-Path: <lars.eggert@nokia.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 636883A68C7 for <ietf@core3.amsl.com>; Sat, 14 Feb 2009 02:01:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[AWL=-0.601, BAYES_00=-2.599, J_CHICKENPOX_51=0.6, J_CHICKENPOX_81=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id exdtzb4csUHx for <ietf@core3.amsl.com>; Sat, 14 Feb 2009 02:01:24 -0800 (PST)
Received: from mail.fit.nokia.com (unknown [IPv6:2001:2060:40:1::123]) by core3.amsl.com (Postfix) with ESMTP id 967263A6B44 for <ietf@ietf.org>; Sat, 14 Feb 2009 02:01:23 -0800 (PST)
Received: from [192.168.0.199] (cs95200.pp.htv.fi [212.90.95.200]) (authenticated bits=0) by mail.fit.nokia.com (8.14.3/8.14.3) with ESMTP id n1EA1OlG082677 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sat, 14 Feb 2009 12:01:24 +0200 (EET) (envelope-from lars.eggert@nokia.com)
Message-Id: <972666D1-3024-4495-A3BC-475B7488DA81@nokia.com>
From: Lars Eggert <lars.eggert@nokia.com>
To: Marshall Eubanks <tme@multicasttech.com>
In-Reply-To: <0B030ADA-F621-4FDF-9CAF-23A27C16E26B@multicasttech.com>
Content-Type: multipart/signed; boundary="Apple-Mail-25-747925186"; micalg="sha1"; protocol="application/pkcs7-signature"
Mime-Version: 1.0 (Apple Message framework v930.3)
Subject: Re: Security Assessment of the Transmission Control Protocol (TCP)
Date: Sat, 14 Feb 2009 12:01:19 +0200
References: <4994A4EB.5030607@gmail.com> <0B030ADA-F621-4FDF-9CAF-23A27C16E26B@multicasttech.com>
X-Mailer: Apple Mail (2.930.3)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (mail.fit.nokia.com [212.213.221.39]); Sat, 14 Feb 2009 12:01:25 +0200 (EET)
X-Virus-Scanned: ClamAV 0.94.2/8990/Sat Feb 14 06:27:24 2009 on fit.nokia.com
X-Virus-Status: Clean
Cc: IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Feb 2009 10:01:26 -0000

Hi,

On 2009-2-14, at 0:25, Marshall Eubanks wrote:
> If I am reading this correctly the UK Centre for the Protection of
> National Infrastructure
> wants the IETF (or some other body) to produce a "companion document
> to the IETF specifications that discusses the security aspects and
> implications of the protocols, identifies the existing
> vulnerabilities, discusses the possible countermeasures, and analyses
> their respective effectiveness."


during the discussions around the TCP implementation deficiencies  
publicized by the Outpost24 last fall, we discussed with CERT-FI and  
others in that community that the IETF would offer to be the venue for  
publishing such a document. The goal would be to document techniques  
that stack vendors are employing to harden their stacks. They asked us  
to wait until vendors had a chance to deploy patches to the latest  
round of vulnerabilities, and we haven't heard back from them since  
late last year. (Which reminds me to shoot them an email.)

I believe such a document would be fully in scope for TCPM, but  
obviously the involvement of the stack vendors is critical to ensure  
this is a document that has practical relevance.

Lars

> Begin forwarded message:
>
>> From: Fernando Gont <fernando.gont@gmail.com>
>> Date: February 12, 2009 5:38:35 PM EST
>> To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
>> Subject: Security Assessment of the Transmission Control Protocol
>> (TCP)
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hello, folks,
>>
>> The United Kingdom's Centre for the Protection of National
>> Infrastructure has just released the document "Security Assessment of
>> the Transmission Control Protocol (TCP)", on which I have had the
>> pleasure to work during the last few years.
>>
>> The motivation to produce this document is explained in the Preface  
>> of
>> the document as follows:
>>
>> - ---- cut here ----
>> The TCP/IP protocol suite was conceived in an environment that was
>> quite
>> different from the hostile environment they currently operate in.
>> However, the effectiveness of the protocols led to their early
>> adoption
>> in production environments, to the point that to some extent, the
>> current world?s economy depends on them.
>>
>> While many textbooks and articles have created the myth that the
>> Internet protocols were designed for warfare environments, the top
>> level
>> goal for the DARPA Internet Program was the sharing of large service
>> machines on the ARPANET. As a result, many protocol specifications
>> focus
>> only on the operational aspects of the protocols they specify, and
>> overlook their security implications.
>>
>> While the Internet technology evolved since it early inception, the
>> Internet?s building blocks are basically the same core protocols
>> adopted
>> by the ARPANET more than two decades ago.
>>
>> During the last twenty years, many vulnerabilities have been
>> identified
>> in the TCP/IP stacks of a number of systems. Some of them were based
>> on
>> flaws in some protocol implementations, affecting only a reduced
>> number
>> of systems, while others were based in flaws in the protocols
>> themselves, affecting virtually every existing implementation. Even  
>> in
>> the last couple of years, researchers were still working on security
>> problems in the core protocols.
>>
>> The discovery of vulnerabilities in the TCP/IP protocol suite usually
>> led to reports being published by a number of CSIRTs (Computer
>> Security
>> Incident Response Teams) and vendors, which helped to raise awareness
>> about the threats and the best mitigations known at the time the
>> reports
>> were published. Unfortunately, this also led to the documentation of
>> the
>> discovered protocol vulnerabilities being spread among a large
>> number of
>> documents, which are sometimes difficult to identify.
>>
>> For some reason, much of the effort of the security community on the
>> Internet protocols did not result in official documents (RFCs) being
>> issued by the IETF (Internet Engineering Task Force). This basically
>> led
>> to a situation in which ?known? security problems have not always
>> been addressed by all vendors. In addition, in many cases vendors  
>> have
>> implemented quick ?fixes? to the identified vulnerabilities without a
>> careful analysis of their effectiveness and their impact on
>> interoperability.
>>
>> Producing a secure TCP/IP implementation nowadays is a very difficult
>> task, in part because of the lack of a single document that serves
>> as a
>> security roadmap for the protocols. Implementers are faced with the
>> hard
>> task of identifying relevant documentation and differentiating  
>> between
>> that which provides correct advice, and that which provides  
>> misleading
>> advice based on inaccurate or wrong assumptions.
>>
>>
>> There is a clear need for a companion document to the IETF
>> specifications that discusses the security aspects and implications  
>> of
>> the protocols, identifies the existing vulnerabilities, discusses the
>> possible countermeasures, and analyses their respective  
>> effectiveness.
>>
>> This document is the result of a security assessment of the IETF
>> specifications of the Transmission Control Protocol (TCP), from a
>> security point of view. Possible threats are identified and, where
>> possible, countermeasures are proposed. Additionally, many
>> implementation flaws that have led to security vulnerabilities have
>> been
>> referenced in the hope that future implementations will not incur the
>> same problems.
>>
>> This document does not aim to be the final word on the security
>> aspects
>> of TCP. On the contrary, it aims to raise awareness about a number of
>> TCP vulnerabilities that have been faced in the past, those that are
>> currently being faced, and some of those that we may still
>> have to deal with in the future.
>>
>> Feedback from the community is more than encouraged to help this
>> document be as accurate as possible and to keep it updated as new
>> vulnerabilities are discovered.
>> - ---- cut here ----
>>
>> The document is available at CPNI's web site:
>> http://www.cpni.gov.uk/Products/technicalnotes/Feb-09-security-assessment-TCP.aspx
>>
>> Additionally, I have posted a copy of the document on my personal web
>> site: http://www.gont.com.ar
>>
>> Any comments will be more than welcome.
>>
>> Kind regards,
>> - --
>> Fernando Gont
>> e-mail: fernando@gont.com.ar || fgont@acm.org
>> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>>
>>
>>
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>>
>> iQEcBAEBCAAGBQJJlKTFAAoJEJbuqe/Qdv/xbBgH/0CRAO7VttW8IlSs6ocKl8Xi
>> pQkuUZOKAZrkok0T4GOkRPBmIv+5K8ZQT8hBBdTL6TOdZ+LOIHvmwpOMRqosijbm
>> +KXTuHYws/zVbReCZXdYFhHfxRUn75G9s0mafNRpkiQV07hoHpD38UcGJYUnQXNy
>> 7uuV3HXJDENgE0L8pAK8HhgNKlX3clcV3sBJEzHMsvVVT1Jh1XsS+krAD7JguN95
>> nhjOTcTp1Ggq+F6wqucm9Kf193O78REEz/FGeaoPGSDfzD0EBGg4IG1qu6Bo3e++
>> ALLEOhARQJ0l12dC+84N0/mrGBSe45pUbMddT6xZzDXa6INcmTE6dc1VSQL8EAo=
>> =IVlY
>> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf

v2.39.1 | Report a Bug | By Email | System Status