A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : Port Randomization
Author(s) : M. Larsen, F. Gont
Filename : draft-larsen-tsvwg-port-randomization-00.txt
Pages : 15
Date : 2006-11-9
Recently, awareness has been raised about a number of "blind" attacks
that can be performed against the Transmission Control Protocol (TCP)
and similar protocols. The consequences of these attacks range from
throughput-reduction to broken connections or corrupted data. These
attacks rely on the attacker's ability to guess or know the four-
tuple (Source Address, Destination Address, Source port, Destination
Port) that identifies the transport protocol instance to be attacked.
This document describes a simple and efficient method for random
selection of the client port number, such that the possibility of an
attacker guessing the exact value is reduced. While this is not a
replacement for cryptographic methods, the described port number
randomization algorithms provide improved security/obfuscation with
very little effort and without any key management overhead.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-larsen-tsvwg-port-randomization-00.txt
To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of
the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.
Internet-Drafts are also available by anonymous FTP. Login with the
username "anonymous" and a password of your e-mail address. After
logging in, type "cd internet-drafts" and then
"get draft-larsen-tsvwg-port-randomization-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-larsen-tsvwg-port-randomization-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-larsen-tsvwg-port-randomization-00.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/i-d-announce
