[rfc-dist] RFC 4953 on Defending TCP Against Spoofing Attacks

rfc-editor@rfc-editor.org rfc-editor at rfc-editor.org
Mon Jul 30 18:03:31 PDT 2007

A new Request for Comments is now available in online RFC libraries.

        RFC 4953

        Title:      Defending TCP Against Spoofing Attacks 
        Author:     J. Touch
        Status:     Informational
        Date:       July 2007
        Mailbox:    touch at isi.edu
        Pages:      28
        Characters: 72756
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-tcpm-tcp-antispoof-06.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4953.txt

Recent analysis of potential attacks on core Internet infrastructure
indicates an increased vulnerability of TCP connections to spurious
resets (RSTs), sent with forged IP source addresses (spoofing).  TCP
has always been susceptible to such RST spoofing attacks, which were
indirectly protected by checking that the RST sequence number was
inside the current receive window, as well as via the obfuscation of
TCP endpoint and port numbers.  For pairs of well-known endpoints
often over predictable port pairs, such as BGP or between web servers
and well-known large-scale caches, increases in the path
bandwidth-delay product of a connection have sufficiently increased
the receive window space that off-path third parties can brute-force
generate a viable RST sequence number.  The susceptibility to attack
increases with the square of the bandwidth, and thus presents a
significant vulnerability for recent high-speed networks.  This
document addresses this vulnerability, discussing proposed solutions
at the transport level and their inherent challenges, as well as
existing network level solutions and the feasibility of their
deployment.  This document focuses on vulnerabilities due to spoofed
TCP segments, and includes a discussion of related ICMP spoofing
attacks on TCP connections.  This memo provides information for the Internet community.

This document is a product of the TCP Maintenance and Minor Extensions
Working Group of the IETF.

INFORMATIONAL: This memo provides information for the Internet community. 
It does not specify an Internet standard of any kind. Distribution
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST at IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info at RFC-EDITOR.ORG with the message body 

help: ways_to_get_rfcs. For example:

        To: rfc-info at RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager at RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR at RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.

The RFC Editor Team
USC/Information Sciences Institute


More information about the rfc-dist mailing list