Port Randomization
draft-larsen-tsvwg-port-randomization-02
Section | Field | Value
---|---|---
Document | Type | Replaced Internet-Draft (individual in tsv area); Expired & archived
Document | Authors | Michael Larsen, Fernando Gont
Document | Last updated | 2015-10-14 (Latest revision 2007-09-10)
Document | Replaced by | draft-ietf-tsvwg-port-randomization
Document | RFC stream | Internet Engineering Task Force (IETF)
Document | Intended RFC status | (None)
Stream | WG state | (None)
Stream | Document shepherd | (None)
IESG | IESG state | Replaced by draft-ietf-tsvwg-port-randomization
IESG | Action Holders | (None)
IESG | Consensus boilerplate | Unknown
IESG | Telechat date | (None)
IESG | Responsible AD | Lars Eggert
IESG | Send notices to | (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput-reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the four-tuple (Source Address, Destination Address, Source Port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a simple and efficient method for random selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)