[rfc-dist] RFC 4953 on Defending TCP Against Spoofing Attacks
rfc-editor at rfc-editor.org
Mon Jul 30 18:03:31 PDT 2007
A new Request for Comments is now available in online RFC libraries.
Title: Defending TCP Against Spoofing Attacks
Author: J. Touch
Date: July 2007
Mailbox: touch at isi.edu
I-D Tag: draft-ietf-tcpm-tcp-antispoof-06.txt
Recent analysis of potential attacks on core Internet infrastructure
indicates an increased vulnerability of TCP connections to spurious
resets (RSTs), sent with forged IP source addresses (spoofing). TCP
has always been susceptible to such RST spoofing attacks, which were
indirectly protected by checking that the RST sequence number was
inside the current receive window, as well as via the obfuscation of
TCP endpoint and port numbers. For pairs of well-known endpoints
often over predictable port pairs, such as BGP or between web servers
and well-known large-scale caches, increases in the path
bandwidth-delay product of a connection have sufficiently increased
the receive window space that off-path third parties can brute-force
generate a viable RST sequence number. The susceptibility to attack
increases with the square of the bandwidth, and thus presents a
significant vulnerability for recent high-speed networks. This
document addresses this vulnerability, discussing proposed solutions
at the transport level and their inherent challenges, as well as
existing network level solutions and the feasibility of their
deployment. This document focuses on vulnerabilities due to spoofed
TCP segments, and includes a discussion of related ICMP spoofing
attacks on TCP connections. This memo provides information for the Internet community.
This document is a product of the TCP Maintenance and Minor Extensions
Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution
of this memo is unlimited.
This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST at IETF.ORG. Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST at RFC-EDITOR.ORG.
Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info at RFC-EDITOR.ORG with the message body
help: ways_to_get_rfcs. For example:
To: rfc-info at RFC-EDITOR.ORG
Subject: getting rfcs
Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager at RFC-EDITOR.ORG. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
Submissions for Requests for Comments should be sent to
RFC-EDITOR at RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC
Authors, for further information.
The RFC Editor Team
USC/Information Sciences Institute
More information about the rfc-dist