[tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-13.txt
Internet-Drafts@ietf.org Tue, 04 May 2010 07:30 UTC
Received: by core3.amsl.com (Postfix, from userid 0) id 0CF623A6877; Tue, 4 May 2010 00:30:01 -0700 (PDT)
Content-Type: Multipart/Mixed; Boundary="NextPart"
Date: Tue, 4 May 2010 00:30:02 -0700 (PDT)
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-13.txt
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:email@example.com?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:firstname.lastname@example.org?subject=subscribe>
X-List-Received-Date: Tue, 04 May 2010 07:30:02 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF. Title : Improving TCP's Robustness to Blind In-Window Attacks Author(s) : A. Ramaiah, et al. Filename : draft-ietf-tcpm-tcpsecure-13.txt Pages : 26 Date : 2010-05-04 TCP has historically been considered protected against spoofed off- path packet injection attacks by relying on the fact that it is difficult to guess the 4-tuple (the source and destination IP addresses and the source and destination ports) in combination with the 32 bit sequence number(s). A combination of increasing window sizes and applications using longer term connections (e.g. H-323 or Border Gateway Protocol [RFC4271]) have left modern TCP implementations more vulnerable to these types of spoofed packet injection attacks. Many of these long term TCP applications tend to have predictable IP addresses and ports which makes it far easier for the 4-tuple (4-tuple is the same as the socket pair mentioned in [RFC0793]) to be guessed. Having guessed the 4-tuple correctly, an attacker can inject a TCP segment with the RST bit set, the SYN bit set or data into a TCP connection by systematically guessing the sequence number of the spoofed segment to be in the current receive window. This can cause the connection to abort or cause data corruption. This document specifies small modifications to the way TCP handles inbound segments that can reduce the chances of a successful attack. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-13.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
- [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-13.txt Internet-Drafts