Port Randomization
draft-larsen-tsvwg-port-randomization-02
| Section | Field | Value |
|---|---|---|
| Document | Type | Replaced Internet-Draft (individual in tsv area) |
| Document | Authors | Michael Larsen, Fernando Gont |
| Document | Last updated | 2015-10-14 (latest revision 2007-09-10) |
| Document | Replaced by | RFC 6056 |
| Document | Stream | Internet Engineering Task Force (IETF) |
| Document | Intended RFC status | (None) |
| Document | Formats | Expired & archived: plain text, htmlized, pdfized, bibtex |
| Stream | WG state | (None) |
| Stream | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-tsvwg-port-randomization |
| IESG | Action Holders | (None) |
| IESG | Consensus boilerplate | Unknown |
| IESG | Telechat date | (None) |
| IESG | Responsible AD | Lars Eggert |
| IESG | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-larsen-tsvwg-port-randomization-02.txt
Abstract
Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput-reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the four-tuple (Source Address, Destination Address, Source port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a simple and efficient method for random selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.
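The abstract's point is that a blind attacker who already knows three elements of the four-tuple still has to guess the client's source port, and that sequential allocation makes that guess nearly free. The following is an added illustration written for this page, not code from the draft or from any TCP stack: it contrasts a traditional sequential ephemeral-port selector with the simple random selection the abstract describes (pick a uniformly random port in the ephemeral range, retry if it is in use), then simulates an attacker who observed the victim's previous client port (say, because the victim connected to a host the attacker controls) and tries a small window of candidate ports for the victim's next connection. The ephemeral range 1024-65535, the retry bound and the simulation parameters are assumptions chosen for the example, not values taken from the draft.

```python
"""Sequential vs. randomized client (ephemeral) port selection.

Added example, not code from the draft. Simulates a blind attacker who
learned the victim's most recent client port and must guess the port of the
victim's next connection, the one piece of the four-tuple that port
randomization is meant to protect.
"""
import random
import secrets

MIN_EPHEMERAL = 1024          # assumed range for this example; stacks differ
MAX_EPHEMERAL = 65535
NUM_EPHEMERAL = MAX_EPHEMERAL - MIN_EPHEMERAL + 1


class SequentialSelector:
    """Traditional behaviour: ports are handed out in increasing order."""

    def __init__(self, start=MIN_EPHEMERAL):
        self.next_port = start

    def select(self, in_use):
        for _ in range(NUM_EPHEMERAL):
            port = self.next_port
            self.next_port = MIN_EPHEMERAL if port == MAX_EPHEMERAL else port + 1
            if port not in in_use:
                return port
        raise OSError("ephemeral port range exhausted")


class RandomSelector:
    """Simple random selection: draw a uniformly random port from the
    ephemeral range; if it is already in use, draw again (bounded retries)."""

    def __init__(self, randbelow=secrets.randbelow):
        self.randbelow = randbelow   # secrets.randbelow(n) returns 0 <= r < n

    def select(self, in_use):
        for _ in range(NUM_EPHEMERAL):
            port = MIN_EPHEMERAL + self.randbelow(NUM_EPHEMERAL)
            if port not in in_use:
                return port
        raise OSError("no free ephemeral port found")


def attack_success_rate(selector_factory, trials=200, window=8, seed=1):
    """Fraction of trials in which an attacker who saw the victim's previous
    client port finds the next one within `window` guesses.

    The attacker tries observed+1 .. observed+window (wrapping), which is the
    best strategy against sequential allocation and no worse than any other
    fixed guess against uniform random allocation. `selector_factory` receives
    a seeded random.Random so the simulation is reproducible.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        selector = selector_factory(rng)
        in_use = set()
        # Constructed background: some unrelated connections already exist.
        for _ in range(rng.randrange(0, 50)):
            in_use.add(selector.select(in_use))
        observed = selector.select(in_use)    # connection to attacker's host
        in_use.add(observed)
        target = selector.select(in_use)      # connection the attacker wants
        guesses = {
            MIN_EPHEMERAL + (observed - MIN_EPHEMERAL + k) % NUM_EPHEMERAL
            for k in range(1, window + 1)
        }
        if target in guesses:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    seq = attack_success_rate(lambda rng: SequentialSelector())
    rnd = attack_success_rate(lambda rng: RandomSelector(rng.randrange))
    print(f"sequential allocation: attacker wins in {seq:.0%} of trials")
    print(f"random allocation:     attacker wins in {rnd:.2%} of trials")
```

With sequential allocation the observed port plus one is the next port every time, so the attacker's first guess succeeds in every trial; with random selection the window of eight covers eight out of roughly 64,500 candidates, so an attacker has to spray the whole range and the expected number of guesses rises to about half of it. Note that this is the obfuscation the abstract is careful to distinguish from cryptographic protection: the port is one 16-bit value, and a sufficiently well-placed attacker can still brute-force it, which is why the draft presents randomization as a cheap complement to other defences rather than a substitute.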
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)