Defending TCP Against Spoofing Attacks
RFC 4953
|
| Document |
Type |
|
RFC - Informational
(July 2007; No errata)
|
|
Last updated |
|
2015-10-14
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
htmlized
bibtex
|
|
Reviews |
|
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4953 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Lars Eggert
|
|
Send notices to |
|
(None)
|
Network Working Group J. Touch
Request for Comments: 4953 USC/ISI
Category: Informational July 2007
Defending TCP Against Spoofing Attacks
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
Recent analysis of potential attacks on core Internet infrastructure
indicates an increased vulnerability of TCP connections to spurious
resets (RSTs), sent with forged IP source addresses (spoofing). TCP
has always been susceptible to such RST spoofing attacks, which were
indirectly protected by checking that the RST sequence number was
inside the current receive window, as well as via the obfuscation of
TCP endpoint and port numbers. For pairs of well-known endpoints
often over predictable port pairs, such as BGP or between web servers
and well-known large-scale caches, increases in the path bandwidth-
delay product of a connection have sufficiently increased the receive
window space that off-path third parties can brute-force generate a
viable RST sequence number. The susceptibility to attack increases
with the square of the bandwidth, and thus presents a significant
vulnerability for recent high-speed networks. This document
addresses this vulnerability, discussing proposed solutions at the
transport level and their inherent challenges, as well as existing
network level solutions and the feasibility of their deployment.
This document focuses on vulnerabilities due to spoofed TCP segments,
and includes a discussion of related ICMP spoofing attacks on TCP
connections.
Touch Informational [Page 1]
RFC 4953 Defending TCP Against Spoofing Attacks July 2007
Table of Contents
1. Introduction ....................................................3
2. Background ......................................................4
2.1. Review of TCP Windows ......................................5
2.2. Recent BGP Attacks Using TCP RSTs ..........................6
2.3. TCP RST Vulnerability ......................................6
2.4. What Changed - the Ever-Opening Advertised Receive Window ..7
3. Proposed Solutions and Mitigations .............................10
3.1. Transport Layer Solutions .................................10
3.1.1. TCP MD5 Authentication .............................11
3.1.2. TCP RST Window Attenuation .........................11
3.1.3. TCP Timestamp Authentication .......................12
3.1.4. Other TCP Cookies ..................................13
3.1.5. Other TCP Considerations ...........................13
3.1.6. Other Transport Protocol Solutions .................14
3.2. Network Layer (IP) Solutions ..............................14
3.2.1. Address Filtering ..................................15
3.2.2. IPsec ..............................................16
4. ICMP ...........................................................17
5. Issues .........................................................18
5.1. Transport Layer (e.g., TCP) ...............................18
5.2. Network Layer (IP) ........................................19
5.3. Application Layer .........................................21
5.4. Link Layer ................................................21
5.5. Issues Discussion .........................................21
6. Security Considerations ........................................22
7. Conclusions ....................................................23
8. Acknowledgments ................................................23
9. Informative References .........................................24
Touch Informational [Page 2]
RFC 4953 Defending TCP Against Spoofing Attacks July 2007
1. Introduction
Analysis of the Internet infrastructure has recently demonstrated a
new version of a vulnerability in BGP connections between core
routers using an attack based on RST spoofing from off-path attackers
[9][10][48]. The attack itself is not new, having been documented
nearly six years earlier [20]. Such connections, typically using
TCP, can be susceptible to off-path third-party reset (RST) segments
with forged source addresses (spoofed), which terminate the TCP
connection. BGP routers react to a terminated TCP connection in
various ways, which can amplify the impact of an attack, ranging from
restarting the connection to deciding that the other router is
Show full document text