SLIPPING IN THE WINDOW: TCP RESET ATTACKS

By: Paul A. Watson

The threats posed by TCP injection attacks have long been a concern for Internet security researchers. The original TCP specification (USC, 1981) included features that were originally intended to prevent reception of duplicate or disordered packets, but that also provided protection against injection and spoofing attacks. The 32-bit sequence number ensures that received packets can be pieced together into the proper order, but it also provides a significant hurdle for those seeking to inject false data into unseen TCP data streams. Although the TCP Reset attack has been recognized as a potential threat for years, little has been written on the subject and there appears to be very little understanding of the risks. This paper is intended to examine the real-world risks presented by TCP Reset attacks.