Security Assessment of the Transmission Control Protocol (TCP)

This document contains a security assessment of the IETF specifications of the Transmission Control Protocol (TCP), and of a number of mechanisms and policies in use by popular TCP implementations. It is based on the results of a project carried out by the UK's Centre for the Protection of National Infrastructure (CPNI).
