Defending TCP Against Spoofing Attacks
RFC 4953
Document | Type | RFC - Informational (July 2007; No errata) | |
---|---|---|---|
Author | Joseph Touch | ||
Last updated | 2015-10-14 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4953 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Lars Eggert | ||
Send notices to | (None) |
Network Working Group J. Touch Request for Comments: 4953 USC/ISI Category: Informational July 2007 Defending TCP Against Spoofing Attacks Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract Recent analysis of potential attacks on core Internet infrastructure indicates an increased vulnerability of TCP connections to spurious resets (RSTs), sent with forged IP source addresses (spoofing). TCP has always been susceptible to such RST spoofing attacks, which were indirectly protected by checking that the RST sequence number was inside the current receive window, as well as via the obfuscation of TCP endpoint and port numbers. For pairs of well-known endpoints often over predictable port pairs, such as BGP or between web servers and well-known large-scale caches, increases in the path bandwidth- delay product of a connection have sufficiently increased the receive window space that off-path third parties can brute-force generate a viable RST sequence number. The susceptibility to attack increases with the square of the bandwidth, and thus presents a significant vulnerability for recent high-speed networks. This document addresses this vulnerability, discussing proposed solutions at the transport level and their inherent challenges, as well as existing network level solutions and the feasibility of their deployment. This document focuses on vulnerabilities due to spoofed TCP segments, and includes a discussion of related ICMP spoofing attacks on TCP connections. Touch Informational [Page 1] RFC 4953 Defending TCP Against Spoofing Attacks July 2007 Table of Contents 1. Introduction ....................................................3 2. Background ......................................................4 2.1. Review of TCP Windows ......................................5 2.2. Recent BGP Attacks Using TCP RSTs ..........................6 2.3. TCP RST Vulnerability ......................................6 2.4. What Changed - the Ever-Opening Advertised Receive Window ..7 3. Proposed Solutions and Mitigations .............................10 3.1. Transport Layer Solutions .................................10 3.1.1. TCP MD5 Authentication .............................11 3.1.2. TCP RST Window Attenuation .........................11 3.1.3. TCP Timestamp Authentication .......................12 3.1.4. Other TCP Cookies ..................................13 3.1.5. Other TCP Considerations ...........................13 3.1.6. Other Transport Protocol Solutions .................14 3.2. Network Layer (IP) Solutions ..............................14 3.2.1. Address Filtering ..................................15 3.2.2. IPsec ..............................................16 4. ICMP ...........................................................17 5. Issues .........................................................18 5.1. Transport Layer (e.g., TCP) ...............................18 5.2. Network Layer (IP) ........................................19 5.3. Application Layer .........................................21 5.4. Link Layer ................................................21 5.5. Issues Discussion .........................................21 6. Security Considerations ........................................22 7. Conclusions ....................................................23 8. Acknowledgments ................................................23 9. Informative References .........................................24 Touch Informational [Page 2] RFC 4953 Defending TCP Against Spoofing Attacks July 2007 1. Introduction Analysis of the Internet infrastructure has recently demonstrated a new version of a vulnerability in BGP connections between core routers using an attack based on RST spoofing from off-path attackers [9][10][48]. The attack itself is not new, having been documented nearly six years earlier [20]. Such connections, typically using TCP, can be susceptible to off-path third-party reset (RST) segments with forged source addresses (spoofed), which terminate the TCP connection. BGP routers react to a terminated TCP connection in various ways, which can amplify the impact of an attack, ranging from restarting the connection to deciding that the other router isShow full document text