TCP/IP Security workshop at HIP 97

The workshop explains how IP spoofing works, what possible attacks can be mounted and what known solutions exist against spoofing. There will also be a practical presentation of a man-in-the-middle attack.

Unencrypted tcp connections

can be spoofed:
Where spoofing is the term for establishing a connection with a forged sender address; this normaly involves exploiting trust relations between the source and the destination address

Facts about some operating systems:

OS ISN Source Routing

OpenBSD 2.1 random disabled per default

SunOS 5.5.1 random enabled per default

HP/UX 9.04 64k incr. enabled per default

AIX 4.1.4 64k incr. enabled per default

UCX 3.3 on OpenVMS 64k incr. enabled per default

can be highjacked:
The control of a connection will be taken by the attacker after the user authenication has been done (.i.e. one-time-passwords ). Possibly via icmp redirect or RIP.
can be manipulated:
The attacker can insert arbitrary streams of data without the user noticing it.

IP Security offers a framework for ensuring privacy, authentication and integrity of network traffic. It is mandatory for any IPv6 implementation and can also be used as addon for IPv4.
Steven M. Bellovin has pointed out some problems with the IP Security Protcols at the Sixth USENIX UNIX Security Symposium in San Jose.
The OpenBSD Project offers a freely exportable IPSec implementation.

In order for IP Security to operate key management daemons are necessary. A good example is the Photuris Keymangement Protocol which utilizies the Diffie-Hellman key exchange to establish a shared secret between two parties over an insecure network.

Last but not least some theoretical ways to hide information in TCP/IP packets will be presented.

OS	ISN	Source Routing
OpenBSD 2.1	random	disabled per default
SunOS 5.5.1	random	enabled per default
HP/UX 9.04	64k incr.	enabled per default
AIX 4.1.4	64k incr.	enabled per default
UCX 3.3 on OpenVMS	64k incr.	enabled per default