full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] Port Randomization: New re

[Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft

From: Fernando Gont <fernando.gont_at_nospam>
Date: Sun Aug 31 2008 - 13:14:52 GMT
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk


Hash: SHA256


We have published a revision of our IETF Internet-Draft about port randomization. It is available at:
http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-rand omization-02.txt (you can find the document in other fancy formats at: http://www.gont.com.ar/drafts/port-randomization/index.html)

This new revision of the document addresses the feedback we got from Amit Klein, Matthias Bethke, and Alfred Hoenes.

The abstract of the document is:
- ---- cut here ----

    Recently, awareness has been raised about a number of "blind" attacks     that can be performed against the Transmission Control Protocol (TCP)     and similar protocols. The consequences of these attacks range from     throughput-reduction to broken connections or data corruption. These     attacks rely on the attacker's ability to guess or know the fivetuple      (Protocol, Source Address, Destination Address, Source Port,     Destination Port) that identifies the transport protocol instance to     be attacked. This document describes a number of simple and     efficient methods for the random selection of the client port number,     such that the possibility of an attacker guessing the exact value is     reduced. While this is not a replacement for cryptographic methods,     the described port number randomization algorithms provide improved     security/obfuscation with very little effort and without any key     management overhead. The algorithms described in this document are     local policies that may be incrementally deployed, and that do not     violate the specifications of any of the transport protocols that may     benefit from them, such as TCP, UDP, UDP-lite, SCTP, DCCP, and RTP. - ---- cut here ----

Any comments will be more than welcome.


Kind regards,
- --
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1


Version: PGP Desktop 9.5.3 (Build 5003) - not licensed for commercial use: www.pgp.com

wsBVAwUBSLqZM5buqe/Qdv/xAQinYggA0q0ko/QOu4UBCYT8pVGrLL6N1sWJimOz wdVFXYcMyGiwxX4zb9ozqMmfnGHxsHSLJ9PMcA8BR9ToKgJ/ZwuVYFTMYj9WvyuP ZcXHr/e1R1JT4AJS305RGOwH+oZPk6szdn0im4Ax8yCFJnJRtD0Hc7IWDIomO93R jwfC2E1G4ElE343RX/mFjf2kzmjUOaoiM8MHxq9NZZRfliJbAdkDovtb3XKgiiU4 uFF+UEcC8Vkg/ISo9X5dlqJf4N3ogHaomfsaP8g5JZ6tP4kMZ1lmRvF8L2MAw0b4 wSyVp9yA4+vJ0w24bVDs/BPlicXUblUPZdmoKwzMCJck8AuvqL0c9A== =xta0
-- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/