Folks,
We have submitted a new draft on port number randomization. It's
based on a document by M. Larsen that had been published in 2004.
This document helps quite a lot in the case of the blind attacks that
have been discussed in the TCPM WG.
The document is pretty general, and its proposal can be applied to
any transport protocol.
The document is available at
http://www.gont.com.ar/drafts/port-randomization/draft-larsen-tsvwg-port-randomization-00.txt
and you can find it in other fancy formats at:
http://www.gont.com.ar/drafts/port-randomization/index.html . It will
soon be available at the usual places.
Here's the abstract:
---- cut here ----
Recently, awareness has been raised about a number of "blind" attacks
that can be performed against the Transmission Control Protocol (TCP)
and similar protocols. The consequences of these attacks range from
throughput-reduction to broken connections or corrupted data. These
attacks rely on the attacker's ability to guess or know the four-
tuple (Source Address, Destination Address, Source port, Destination
Port) that identifies the transport protocol instance to be attacked.
This document describes a simple and efficient method for random
selection of the client port number, such that the possibility of an
attacker guessing the exact value is reduced. While this is not a
replacement for cryptographic methods, the described port number
randomization algorithms provide improved security/obfuscation with
very little effort and without any key management overhead.
---- cut here ----
We would highly appreciate any comments/suggestions you may have.
Thanks!
P.S.: While this message is being cross-posted to a few
mailing-lists, we would like the discussion to happen in the tsvwg,
as we think all transport protocols can benefit from the proposal in
this draft.
Kindest regards,
--
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1