[tcpm] RFC 4953 on Defending TCP Against Spoofing Attacks

rfc-editor@rfc-editor.org Tue, 31 July 2007 01:05 UTC

From: rfc-editor@rfc-editor.org
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Cc: tcpm@ietf.org, rfc-editor@rfc-editor.org
Date: Mon, 30 Jul 2007 18:03:31 -0700
Message-Id: <20070731010331.964DBDAFD5@bosco.isi.edu>
Subject: [tcpm] RFC 4953 on Defending TCP Against Spoofing Attacks
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>

A new Request for Comments is now available in online RFC libraries.

        RFC 4953

        Title:      Defending TCP Against Spoofing Attacks
        Author:     J. Touch
        Status:     Informational
        Date:       July 2007
        Mailbox:    touch@isi.edu
        Pages:      28
        Characters: 72756
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-tcpm-tcp-antispoof-06.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4953.txt

Recent analysis of potential attacks on core Internet infrastructure
indicates an increased vulnerability of TCP connections to spurious
resets (RSTs), sent with forged IP source addresses (spoofing).  TCP
has always been susceptible to such RST spoofing attacks, which were
indirectly protected by checking that the RST sequence number was
inside the current receive window, as well as via the obfuscation of
TCP endpoint and port numbers.  For pairs of well-known endpoints
often over predictable port pairs, such as BGP or between web servers
and well-known large-scale caches, increases in the path
bandwidth-delay product of a connection have sufficiently increased
the receive window space that off-path third parties can brute-force
generate a viable RST sequence number.  The susceptibility to attack
increases with the square of the bandwidth, and thus presents a
significant vulnerability for recent high-speed networks.  This
document addresses this vulnerability, discussing proposed solutions
at the transport level and their inherent challenges, as well as
existing network level solutions and the feasibility of their
deployment.  This document focuses on vulnerabilities due to spoofed
TCP segments, and includes a discussion of related ICMP spoofing
attacks on TCP connections.  This memo provides information for the
Internet community.



This document is a product of the TCP Maintenance and Minor Extensions
Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
help: ways_to_get_rfcs. For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


The RFC Editor Team
USC/Information Sciences Institute
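The abstract above makes two quantitative claims: an off-path attacker only
needs a RST whose sequence number lands anywhere in the receive window, and
the cost of finding one falls with the square of the path bandwidth once the
window tracks the bandwidth-delay product. The following cost model is an
added illustration of both points; it is not code from RFC 4953, from its
author, or from the RFC Editor. Everything beyond the abstract is an
assumption stated in the comments: the attacker already knows the
connection's addresses and ports, the receiver applies the classic RFC 793
in-window acceptance test, spoofed segments are bare 40-byte IPv4+TCP
headers, the attacker transmits at the path rate, and the 100 ms RTT and
bandwidths in the demo are chosen values, not measurements.

```python
"""Cost model for the blind (off-path) TCP RST attack described in the
RFC 4953 abstract.  Added illustration, not code from the RFC or the
RFC Editor.  Assumptions beyond the abstract: the attacker already knows
the connection 4-tuple, the receiver applies the classic RFC 793 check
(accept a RST whose SEQ falls in [RCV.NXT, RCV.NXT + RCV.WND)), and the
attacker can emit minimal 40-byte spoofed segments at the path rate."""

import random

SEQ_SPACE = 2 ** 32        # TCP sequence numbers are 32-bit
MAX_WINDOW = 2 ** 30       # largest window reachable with RFC 1323 scaling
SEGMENT_BITS = 40 * 8      # IPv4 + TCP header, no options, no payload


def receive_window(bandwidth_bps, rtt_s):
    """Window needed to keep the pipe full: the bandwidth-delay product
    in bytes, capped at the protocol maximum."""
    return min(round(bandwidth_bps * rtt_s / 8), MAX_WINDOW)


def rst_accepted_rfc793(seg_seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptance test for a RST, with 32-bit wrap-around."""
    return (seg_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def segments_to_cover(rcv_wnd):
    """Spoofed RSTs that guarantee a hit when SEQ is stepped by rcv_wnd:
    ceil(2^32 / rcv_wnd)."""
    return -(-SEQ_SPACE // rcv_wnd)


def blind_reset(rcv_nxt, rcv_wnd, first_seq=0):
    """Sweep the sequence space in steps of rcv_wnd until one RST lands
    in-window.  Returns (segments_sent, accepted_seq)."""
    seq = first_seq
    for sent in range(1, segments_to_cover(rcv_wnd) + 1):
        if rst_accepted_rfc793(seq, rcv_nxt, rcv_wnd):
            return sent, seq
        seq = (seq + rcv_wnd) % SEQ_SPACE
    raise RuntimeError("a stride-rcv_wnd sweep must cover the whole space")


def attack_time_s(bandwidth_bps, rtt_s):
    """Seconds for a full sweep when the window equals this path's BDP and
    the attacker sends at the path rate (assumed).  A larger window needs
    fewer segments and the segments drain faster, so the time falls with
    1/bandwidth^2 until the window cap is reached."""
    wnd = receive_window(bandwidth_bps, rtt_s)
    return segments_to_cover(wnd) * SEGMENT_BITS / bandwidth_bps


def random_guess_hit_rate(rcv_nxt, rcv_wnd, trials, seed=1):
    """Fraction of uniformly random SEQ guesses the receiver accepts; it
    approaches rcv_wnd / 2^32, the per-segment success probability."""
    rng = random.Random(seed)
    hits = sum(
        rst_accepted_rfc793(rng.randrange(SEQ_SPACE), rcv_nxt, rcv_wnd)
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    rtt = 0.1  # 100 ms: a long-haul peering or cache path (chosen value)
    print(f"{'bandwidth':>12} {'window(B)':>12} {'RSTs':>8} {'sweep(s)':>12}")
    for bw in (1e6, 1e7, 1e8, 1e9, 1e10):
        wnd = receive_window(bw, rtt)
        print(f"{bw:>12.0e} {wnd:>12d} {segments_to_cover(wnd):>8d} "
              f"{attack_time_s(bw, rtt):>12.6f}")
    # Constructed victim state: RCV.NXT and a 1.25 MB window (100 Mb/s BDP)
    sent, seq = blind_reset(rcv_nxt=3_000_000_000, rcv_wnd=1_250_000)
    print(f"sweep landed an accepted RST (SEQ={seq}) after {sent} segments")
```

Running the demo prints one row per bandwidth; each tenfold increase in
bandwidth cuts the sweep time by roughly a hundredfold, which is the
"square of the bandwidth" scaling the abstract refers to. The
`random_guess_hit_rate` helper shows the same window/2^32 probability from
the attacker's side without a sweep, and the wrap-around case in the RFC 793
test is the one to get right when implementing any receiver-side check.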



...





_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm