I-D Action:draft-ietf-tsvwg-port-randomization-09.txt
Internet-Drafts@ietf.org Sun, 15 August 2010 13:30 UTC
To: i-d-announce@ietf.org
Cc: tsvwg@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Area Working Group Working Group of the IETF.

Title     : Transport Protocol Port Randomization Recommendations
Author(s) : M. Larsen, F. Gont
Filename  : draft-ietf-tsvwg-port-randomization-09.txt
Pages     : 36
Date      : 2010-08-15

During the last few years, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput-reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the five-tuple (Protocol, Source Address, Destination Address, Source Port, Destination Port) that identifies the transport protocol instance to be attacked.

This document describes a number of simple and efficient methods for the selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods for protecting the transport-protocol instance, the described port number obfuscation algorithms provide improved security/obfuscation with very little effort and without any key management overhead.

The algorithms described in this document are local policies that may be incrementally deployed, and that do not violate the specifications of any of the transport protocols that may benefit from them, such as TCP, UDP, UDP-lite, SCTP, DCCP, and RTP (provided the RTP application explicitly signals the RTP and RTCP port numbers).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-09.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.