SLIPPING IN THE WINDOW: TCP RESET ATTACKS

SLIPPING IN THE WINDOW: TCP RESET ATTACKS By: Paul A. Watson The threats posed by TCP injection attacks have long been a concern for Internet security researchers. The original TCP specification (USC, 1981) included features that originally intended to prevent reception of duplicate or disordered packets, but also provided protection against injection and spoofing attacks. The 32-bit sequence number ensures that received packets can be pieced together into the proper order, but also provided a significant hurdle for those seeking to inject false data into unseen TCP data steams. Although the TCP Reset attack has been recognized as a potential threat for years, little has been written on the subject and there appears very little understanding of the risks. This paper is intended to examine the real-world risks presented by TCP Reset attacks.