Improving TCP’s Resistance to Blind Attacks through Ephemeral Port Randomization
- Authors
- Gont, Fernando
- Year of publication
- 2007
- Language
- English
- Resource type
- conference paper
- Status
- published version
- Description
- Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the four-tuple (Source Address, Destination Address, Source Port, Destination Port) that identifies the transport protocol instance to be attacked. While there have been a number of proposals to mitigate these vulnerabilities, the most obvious mitigation -- TCP port randomization -- has been the one least engineered. In this paper we analyze a number of approaches for the random selection of client port numbers, such that the probability of an attacker guessing the exact value is reduced. We discuss the potential interoperability problems that may arise from some port randomization algorithms that have been implemented in a number of popular operating systems, and propose a novel port randomization algorithm that provides the obfuscation while avoiding the interoperability problems that may be caused by other approaches. While port randomization is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.
II Workshop de Arquitecturas, Redes y Sistemas Operativos
Red de Universidades con Carreras en Informática (RedUNCI)
- Subject
-
Computer Science
Informatics
Routing protocols
Standards (e.g., TCP/IP)
Internet (e.g., TCP/IP)
Security, integrity, and protection
transport protocols
port randomization
obfuscation
blind attacks
- Access level
- open access
- Terms of use
- http://creativecommons.org/licenses/by-nc-sa/2.5/ar/
- Repository
- SEDICI (UNLP)
- Institution
- Universidad Nacional de La Plata
- OAI Identifier
- oai:sedici.unlp.edu.ar:10915/21698
Full record metadata

| Field | Value |
|---|---|
| Title | Improving TCP's Resistance to Blind Attacks through Ephemeral Port Randomization |
| Author | Gont, Fernando |
| Date | 2007 |
| Type | info:eu-repo/semantics/conferenceObject; info:eu-repo/semantics/publishedVersion; http://purl.org/coar/resource_type/c_5794; info:ar-repo/semantics/documentoDeConferencia |
| Identifier | http://sedici.unlp.edu.ar/handle/10915/21698 |
| Language | eng |
| Rights | info:eu-repo/semantics/openAccess; Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Argentina (CC BY-NC-SA 2.5), http://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
| Format | application/pdf, pp. 136-146 |
| Source | II Workshop de Arquitecturas, Redes y Sistemas Operativos; Red de Universidades con Carreras en Informática (RedUNCI) |
| Repository | SEDICI (UNLP) - Universidad Nacional de La Plata (contact: alira@sedici.unlp.edu.ar) |
| OAI identifier | oai:sedici.unlp.edu.ar:10915/21698 |