Port Randomization
draft-larsen-tsvwg-port-randomization-02
| Document | Type |
Replaced Internet-Draft
(individual in tsv area)
Expired & archived
|
|
|---|---|---|---|
| Authors | Michael Larsen , Fernando Gont | ||
| Last updated | 2015-10-14 (Latest revision 2007-09-10) | ||
| Replaced by | draft-ietf-tsvwg-port-randomization | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | WG state | (None) | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-tsvwg-port-randomization | |
| Action Holders |
(None)
|
||
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Lars Eggert | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput-reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the four- tuple (Source Address, Destination Address, Source port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a simple and efficient method for random selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)