Defending TCP Against Spoofing Attacks

Touch, Joseph D.

doi:10.17487/rfc4953

Cited by 29 publications

(19 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is because [RFC0793] specifies that any RST within the current window is acceptable. Also, [RFC4953] talks about the probability of a successful attack with varying window sizes and bandwidth.…”

Section: Basic Attack Methodologymentioning

confidence: 99%

See 1 more Smart Citation

Improving TCP's Robustness to Blind In-Window Attacks

Dalal¹,

Stewart²,

Ramaiah³

2010

View full text Add to dashboard Cite

TCP has historically been considered to be protected against spoofed off-path packet injection attacks by relying on the fact that it is difficult to guess the 4-tuple (the source and destination IP addresses and the source and destination ports) in combination with the 32-bit sequence number(s). A combination of increasing window sizes and applications using longer-term connections (e.g., H-323 or Border Gateway Protocol (BGP) [RFC4271]) have left modern TCP implementations more vulnerable to these types of spoofed packet injection attacks.Many of these long-term TCP applications tend to have predictable IP addresses and ports that makes it far easier for the 4-tuple (4-tuple is the same as the socket pair mentioned in RFC 793) to be guessed. Having guessed the 4-tuple correctly, an attacker can inject a TCP segment with the RST bit set, the SYN bit set or data into a TCP connection by systematically guessing the sequence number of the spoofed segment to be in the current receive window. This can cause the connection to abort or cause data corruption. This document specifies small modifications to the way TCP handles inbound segments that can reduce the chances of a successful attack.

show abstract

Section: Basic Attack Methodologymentioning

confidence: 99%

“…For further details regarding the attacks and the existing techniques, please refer to [RFC4953]. It also needs to be emphasized that, as suggested in [TSVWG-PORT] and [RFC1948], port randomization and initial sequence number (ISN) randomization would help improve the robustness of the TCP connection against off-path attacks.…”

Section: Attack Probabilitiesmentioning

confidence: 99%

Improving TCP's Robustness to Blind In-Window Attacks

Dalal¹,

Stewart²,

Ramaiah³

2010

View full text Add to dashboard Cite

show abstract

“…However, as discussed in [Watson] and [RFC4953], there are a number of scenarios (notably that of TCP connections established between two BGP routers [RFC4271]) in which an attacker may be able to know or guess the four-tuple that identifies a TCP connection. In such a case, if we assume the attacker knows the two systems involved in the TCP connection to be attacked, both the client-side and the server-side IP addresses could be known or be within a reasonable number of possibilities.…”

Section: Handling Of Icmp Error Messagesmentioning

confidence: 99%

ICMP Attacks against TCP

Gont¹

2010

View full text Add to dashboard Cite

“…However, because the sender address is forged, the response never comes. These half-open connections consume resources on the server and limit the number of connections the server is able to make, reducing the server's ability to respond to legitimate requests until after the attack ends [18,19,20,21].…”

Section: ) Tcp Syn Flooding: Syn Flood Sends a Flood Ofmentioning

confidence: 99%

A Selective Survey of Distributed Denial-of-Service (Ddos) Attacks and Defense Mechanisms

.B.B¹

2008

Int. Jour. Info. Sci. Comp.

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks, one of the latest and most powerful threats that have appeared to the Internet can disrupt the availability of Internet services completely, by eating either computational or communication resources through sheer volume of packets sent from distributed locations in a coordinated manner or graceful degradation of network performance by sending attack traffic at low rate. An overview of DDoS problem, Vulnerabilities in Internet Architecture, Attack: Modus Operandi, different types of DDoS attacks, recent defense mechanisms and their effectiveness are presented. This provides better understanding of the problem, current solution space and future to defend against DDoS attacks.

show abstract

Defending TCP Against Spoofing Attacks

Cited by 29 publications

References 19 publications

Improving TCP's Robustness to Blind In-Window Attacks

Improving TCP's Robustness to Blind In-Window Attacks

ICMP Attacks against TCP

A Selective Survey of Distributed Denial-of-Service (Ddos) Attacks and Defense Mechanisms

Contact Info

Product

Resources

About