论文信息 - Defending against Sequence Number Attacks

Defending against Sequence Number Attacks

IP spoofing attacks based on sequence number spoofing have become a serious threat on the Internet (CERT Advisory CA-95:01). While ubiquitous crypgraphic authentication is the right answer, we propose a simple modification to TCP implementations that should be a very substantial block to the current wave of attacks.

Steven M. Bellovin | S. Bellovin | Fernando Gont

[1] Randall J. Atkinson,et al. Security Architecture for the Internet Protocol , 1995, RFC.

[2] Laurent Joncheray. A Simple Active Attack Against TCP , 1995, USENIX Security Symposium.

[3] Donald E. Eastlake,et al. Randomness Recommendations for Security , 1994, RFC.

[4] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .

[5] Van Jacobson,et al. TCP Extension for High-Speed Paths , 1990, RFC.

[6] Ronald L. Rivest,et al. The MD4 Message-Digest Algorithm , 1990, RFC.

[7] S. M. Bellovin,et al. Security problems in the TCP/IP protocol suite , 1989, CCRV.

[8] Jon Postel,et al. Telnet Protocol Specification , 1980, RFC.