Improving TCP's Robustness to Blind In-Window Attacks (RFC5961)
Original Publication Date: 2010-Aug-01
Included in the Prior Art Database: 2010-Aug-27
Internet Society Requests For Comment (RFCs)
A. Ramaiah: AUTHOR [+2]
TCP [RFC0793] is widely deployed and the most common reliable end-to- end transport protocol used for data communication in today's Internet. Yet, when it was standardized over 20 years ago, the Internet was a different place, lacking many of the threats that are now common. The off-path TCP spoofing attacks, which are seen in the Internet today, fall into this category.
Internet Engineering Task Force (IETF) A. Ramaiah Request for Comments: 5961 Cisco Category: Standards Track R. Stewart ISSN: 2070-1721 Huawei M. Dalal Cisco August 2010
Improving TCP's Robustness to Blind In-Window Attacks
TCP has historically been considered to be protected against spoofed off-path packet injection attacks by relying on the fact that it is difficult to guess the 4-tuple (the source and destination IP addresses and the source and destination ports) in combination with the 32-bit sequence number(s). A combination of increasing window sizes and applications using longer-term connections (e.g., H-323 or Border Gateway Protocol (BGP) [RFC4271]) have left modern TCP implementations more vulnerable to these types of spoofed packet injection attacks.
Many of these long-term TCP applications tend to have predictable IP addresses and ports that makes it far easier for the 4-tuple (4-tuple is the same as the socket pair mentioned in RFC 793) to be guessed. Having guessed the 4-tuple correctly, an attacker can inject a TCP segment with the RST bit set, the SYN bit set or data into a TCP connection by systematically guessing the sequence number of the spoofed segment to be in the current receive window. This can cause the connection to abort or cause data corruption. This document specifies small modifications to the way TCP handles inbound segments that can reduce the chances of a successful attack.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5961.
Ramaiah, et al. Standards Track [Page 1]
RFC 5961 ...