Internet vulnerabilities related to TCP/IP and T/TCP
暂无分享,去创建一个
The Internet put the rest of the world at the reach of our computers. In the same way it also made our computers reachable by the rest of the world. Good news and bad news! Over the last decade, the Internet has been subject to widespread security attacks. Besides the classical terms, new ones had to be found in order to designate a large collection of threats: Worms, break-ins, hackers, crackers, hijacking, phrackers, spoofing, man-in-the-middle, password-sniffing, denial-of-service, and so on.Since the Internet was born of academic efforts to share information, it never strove for high security measures. In fact in some of its components, security was consciously traded for easiness in sharing. Although the advent of electronic commerce has pushed for "real security" in the Internet, there are still a large number of users (including computer scientists) that are very vulnerable to attacks, mostly because they are not aware of the nature (and ease) of the attacks and still believe that a "good" password is all they need to be concerned about.Aiming for a better understanding of the subject, we wrote a first paper [1] in which we discussed several threats and attacks related to TCP/IP. The present work is an extension of the first one, and its main goal is to include T/TCP in the discussion. Additionally, in an effort to make this paper more comprehensive, we included some sections from the former.Besides the description of each attack (the what), we also discuss the way they are carried out (the how) and, when possible, the related means of prevention, detection and/or defense.
[1] Marco de Vivo,et al. Internet security attacks at the basic levels , 1998, OPSR.
[2] Robert Braden,et al. T/TCP - TCP Extensions for Transactions Functional Specification , 1994, RFC.