I-D Action:draft-ietf-tsvwg-port-randomization-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Area Working Group of the IETF.


	Title           : Port Randomization
	Author(s)       : M. Larsen, F. Gont
	Filename        : draft-ietf-tsvwg-port-randomization-02.txt
	Pages           : 28
	Date            : 2008-08-31

Recently, awareness has been raised about a number of "blind" attacks
that can be performed against the Transmission Control Protocol (TCP)
and similar protocols.  The consequences of these attacks range from
throughput-reduction to broken connections or data corruption.  These
attacks rely on the attacker's ability to guess or know the five-
tuple (Protocol, Source Address, Destination Address, Source Port,
Destination Port) that identifies the transport protocol instance to
be attacked.  This document describes a number of simple and
efficient methods for the random selection of the client port number,
such that the possibility of an attacker guessing the exact value is
reduced.  While this is not a replacement for cryptographic methods,
the described port number randomization algorithms provide improved
security/obfuscation with very little effort and without any key
management overhead.  The algorithms described in this document are
local policies that may be incrementally deployed, and that do not
violate the specifications of any of the transport protocols that may
benefit from them, such as TCP, UDP, UDP-lite, SCTP, DCCP, and RTP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-02.txt>
_______________________________________________

I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
