bellovin-tcp-ip

bellovin-tcp-ip - Security Problems in the TCP/IP Protocol...

Security Problems in the TCP/IP Protocol Suite

S.M. Bellovin*
smb@ulysses.att.com
Murray Hill, New Jersey 07974

ABSTRACT

The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.

1. INTRODUCTION

The TCP/IP protocol suite [1][2], which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols. Some of these flaws exist because hosts rely on IP source address for authentication; the Berkeley “r-utilities” [3] are a notable example. Others exist because network control mechanisms, and in particular routing protocols, have minimal or non-existent authentication.

When describing such attacks, our basic assumption is that the attacker has more or less complete control over some machine connected to the Internet. This may be due to flaws in that machine’s own protection mechanisms, or it may be because that machine is a microcomputer, and inherently unprotected. Indeed, the attacker may even be a rogue system administrator.

1.1 Exclusions

We are not concerned with flaws in particular implementations of the protocols, such as those used by the Internet “worm” [4][5][6]. Rather, we discuss generic problems with the protocols themselves. As will be seen, careful implementation techniques can alleviate or prevent some of these problems. Some of the protocols we discuss are derived from Berkeley’s version of the UNIX system; others are generic Internet protocols.

We are also not concerned with classic network attacks, such as physical eavesdropping, or altered or injected messages. We discuss such problems only in so far as they are facilitated or possible because of protocol problems.

For the most part, there is no discussion here of vendor-specific protocols. We do discuss some problems with Berkeley’s protocols, since these have become de facto standards for many vendors, and not just for UNIX systems.

2. TCP SEQUENCE NUMBER PREDICTION

One of the more fascinating security holes was first described by Morris [7]. Briefly, he used TCP sequence number prediction to construct a TCP packet sequence without ever receiving any responses from the server. This allowed him to spoof a trusted host on a local network.

This note was uploaded on 03/31/2009 for the course ECE 18731 taught by Professor Perrig during the Spring '08 term at Carnegie Mellon.
