Security problems of TCP

This outdated page addresses some problems of unencrypted tcp connections, which

can be spoofed (source code of an ip spoofer):
Where spoofing is the term for establishing a connection with a forged sender address; this normaly involves exploiting trust relations between the source and the destination address
- Morris' paper about IP spoofing.
- Phrack 48 Text explains the problem in easy words
- ipspoof.1 - the altogether spoofing package
  - SunOS 5.5.1 isn't vulnerable against sequence number guessing though still comes with source routing on as default.
  - HP/UX 9.04 AIX 4.1.4 are vulnerable against sequence number guessing and come with source routing enabled as default, though a bug in the rshd daemon renders lsrr on AIX useless.
  - UCX 3.3 on OpenVMS is vulnerable against sequence number guessing and comes with source routing enabled as default.
  - Linux 2.0.24 of isn't affected by both kinds.
can be highjacked:
The control of a connection will be taken by the attacker after the user authenication has been done (.i.e. one-time-passwords ). Possibly via icmp redirect or RIP.
- Joncheray's paper about a simple active attack against TCP
can be manipulated (source code of such a beast):
The attacker can insert arbitrary streams of data without the user noticing it
- Joncheray's paper about a simple active attack against TCP
- Sample log of a manipulated connection as seen from the client site. In fact the client can't determine that his connection was taken control of.

The easiest solution to avoid attacks like that would be to disable source routing on your hosts, don't pass source routed packets through your own routers, install checks that no packets will be routed from the outside with an inside source address. But that still wont help against all kinds of possible attacks. The free OpenSSH is the ideal anwser against most of those threats. SSH will encrypt your connections and even forward X Windows.

TCP/IP Protocol Related Texts

When you read all those texts, you get a fairly good impression what the problems concerning TCP/IP are and what can be done to avoid security holes.

Security Problems with TCP/IP
A Weakness in TCP
Probing TCP
Simple Active Attack Against TCP
Phrack 48 Arcticle on IP Spoofing
- RFC1180 - A TCP/IP tutorial
- RFC1739 - A Primer On Internet and TCP/IP Tools
- Stevens, TCP/IP Illustrated Volume 1-2

Cryptography

International Cryptography Pages
Crypto-Log: Internetguide to Cryptography
Quantum Cryptography
Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks (PS-File) - A good Joke ? or worth a try for hardware cards ?
PGP Attack FAQ
- What is Elliptic Curve Cryptography
- IEEE P1363 Draft: Standard for RSA, Diffie-Hellman, Elliptic Curves, and related public-key cryptography. A draft is available in postscript (115k).
  - Neal Koblitz, A Course in Number Theory and Cryptography, Springer Verlag
  - A. J. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers
  - Books, Articles, People and Links concerning ECC

Computer Security Related Links

Cyber Security - Information Infrastructure Protection, Intrusion Prevention, Threat Asssessment.
Securityfocus - links to tools.

(PGP Public Key)

[Back]

Security problems of TCP

Facts about some operating systems:

TCP/IP Protocol Related Texts

Cryptography

Elliptic Curves Cryptography

Computer Security Related Links