%!PS
%%Version: 3.1
%%DocumentFonts: (atend)
%%Pages: (atend)
%%EndComments
%
% Version 3.1 prologue for troff files.
%
% Layout parameters. Each is a plain PostScript definition so that the
% %%BeginSetup section (mark ... setup) can override it before /setup runs.
% /#copies uses store, not def, so it updates the interpreter's existing
% #copies entry rather than shadowing it.
/#copies 1 store
/aspectratio 1 def
/formsperpage 1 def
/landscape false def
/linewidth .3 def
/magnification 1 def
/margin 0 def
/orientation 0 def
/resolution 720 def
/xoffset 0 def
/yoffset 0 def
/roundpage true def
/useclippath true def
/pagebbox [0 0 612 792] def
%
% Short font aliases used by the page bodies (e.g. "12 B f").
% /S and /S1 name the two derived fonts that /setup builds with /cf below.
/R /Times-Roman def
/I /Times-Italic def
/B /Times-Bold def
/BI /Times-BoldItalic def
/H /Helvetica def
/HI /Helvetica-Oblique def
/HB /Helvetica-Bold def
/HX /Helvetica-BoldOblique def
/CW /Courier def
/CO /Courier def
/CI /Courier-Oblique def
/CB /Courier-Bold def
/CX /Courier-BoldOblique def
/PA /Palatino-Roman def
/PI /Palatino-Italic def
/PB /Palatino-Bold def
/PX /Palatino-BoldItalic def
/Hr /Helvetica-Narrow def
/Hi /Helvetica-Narrow-Oblique def
/Hb /Helvetica-Narrow-Bold def
/Hx /Helvetica-Narrow-BoldOblique def
/KR /Bookman-Light def
/KI /Bookman-LightItalic def
/KB /Bookman-Demi def
/KX /Bookman-DemiItalic def
/AR /AvantGarde-Book def
/AI /AvantGarde-BookOblique def
/AB /AvantGarde-Demi def
/AX /AvantGarde-DemiOblique def
/NR /NewCenturySchlbk-Roman def
/NI /NewCenturySchlbk-Italic def
/NB /NewCenturySchlbk-Bold def
/NX /NewCenturySchlbk-BoldItalic def
/ZD /ZapfDingbats def
/ZI /ZapfChancery-MediumItalic def
/VR /Varitimes#Roman def
/VI /Varitimes#Italic def
/VB /Varitimes#Bold def
/VX /Varitimes#BoldItalic def
/S /S def
/S1 /S1 def
/GR /Symbol def
%
% inch: n -> n*72 (points).
/inch {72 mul} bind def
% min: a b -> min(a, b).
/min {2 copy gt {exch} if pop} bind def
%
% setup: mark key1 val1 ... keyN valN setup -> -
% Defines every key/value pair found above the mark (document-level
% overrides), then establishes the page coordinate system:
%   - landscape adds 90 degrees to orientation
%   - scaling = 72 / resolution converts troff device units to points
%   - the CTM is centred on the page, rotated by -orientation, shifted by
%     xoffset/yoffset (inches) and margin, scaled by magnification and
%     aspectratio, then by scaling in both axes
% Finally builds the two metric-adjusted fonts /S (from Symbol, Sdefs) and
% /S1 (from Times-Roman, S1defs) via /cf, and leaves the current point at 0 0.
% Sdefs and S1defs are defined later in the prologue; cf resolves them at
% run time, so they must exist before setup is called.
/setup {
  counttomark 2 idiv {def} repeat pop
  landscape {/orientation 90 orientation add def} if
  /scaling 72 resolution div def
  linewidth setlinewidth
  1 setlinecap
  pagedimensions
  xcenter ycenter translate
  orientation neg rotate
  width 2 div neg height 2 div translate
  xoffset inch yoffset inch neg translate
  margin 2 div dup neg translate
  magnification dup aspectratio mul scale
  scaling scaling scale
  /Symbol /S Sdefs cf
  /Times-Roman /S1 S1defs cf
  0 0 moveto
} def
%
% pagedimensions: - -> -
% Computes width, height, xcenter and ycenter from pagebbox.
% When useclippath is true and userdict has no gotpagebbox yet, pagebbox is
% replaced by the current clip path's bounding box, optionally rounded by a
% user-supplied /roundpagebbox (only if roundpage is true and that name is
% defined in the current dictionary).
% The roll sequence reorders [llx lly urx ury] so that the two subtractions
% yield width = urx-llx and height = ury-lly; in landscape the extra
% "4 2 roll" swaps them. The centres are the midpoints of each axis.
% Sets userdict/gotpagebbox so later calls keep the computed bbox.
/pagedimensions {
  useclippath userdict /gotpagebbox known not and {
    /pagebbox [clippath pathbbox newpath] def
    roundpage currentdict /roundpagebbox known and {roundpagebbox} if
  } if
  pagebbox aload pop
  4 -1 roll exch 4 1 roll 4 copy
  landscape {4 2 roll} if
  sub /width exch def
  sub /height exch def
  add 2 div /xcenter exch def
  add 2 div /ycenter exch def
  userdict /gotpagebbox true put
} def
%
% pagesetup: pagenumber -> -
% Per-page hook. Records the page number in /page; if the current dictionary
% defines both /pagedict and an entry for this page number, the value stored
% in pagedict under the page's key is made executable (cvx) and run (exec).
% NOTE(review): anything placed in pagedict is executed unconditionally
% here, so that dictionary is part of the document's trusted code.
/pagesetup {
  /page exch def
  currentdict /pagedict known currentdict page known and {
    page load pagedict exch get cvx exec
  } if
} def
%
% decodingdefs: the six candidate text-output procedures that /setdecoding
% can bind to /t. Page bodies push arguments above a mark and call t.
%   0: (str) x ... -> show each string at (x, y) using the current y
%   1: y (str) x ... -> set y to -y, then as 0
%   2: [(str) nspaces width]... count x y -> moveto (x, -y); for each item
%      stretch the string to the given width by adding
%      (width - stringwidth)/nspaces to every space (char 32) via widthshow
%   3: [(str) w]... count x y -> moveto (x, -y); for each item show it with
%      the space width set to w - spacewidth (see /f) via widthshow
%   4: same as 0
%   5: y -> calls setfunnytext with -y; setfunnytext is not defined in this
%      prologue (presumably supplied elsewhere when this mode is selected)
/decodingdefs [
  {counttomark 2 idiv {y moveto show} repeat}
  {neg /y exch def counttomark 2 idiv {y moveto show} repeat}
  {neg moveto {2 index stringwidth pop sub exch div 0 32 4 -1 roll widthshow} repeat}
  {neg moveto {spacewidth sub 0.0 32 4 -1 roll widthshow} repeat}
  {counttomark 2 idiv {y moveto show} repeat}
  {neg setfunnytext}
] def
% setdecoding: index -> -   binds /t to decodingdefs[index].
/setdecoding {/t decodingdefs 3 -1 roll get bind def} bind def
% w: (str) x y -> -   moveto (x, -y) and show the string.
% The y value is negated; presumably troff's page y axis runs downward.
/w {neg moveto show} bind def
% m: x y -> -   records -y in /y (used by decodingdefs 0, 1, 4) and moves there.
/m {neg dup /y exch def moveto} bind def
% done: - -> -   runs /lastpage if any dictionary on the stack defines it.
/done {/lastpage where {pop lastpage} if} def
%
% f: ptsize /fontname -> -
% Selects fontname at ptsize, recording /font, /ptsize and /size
% (size = ptsize / scaling, i.e. in troff device units). Also scales the
% line width proportionally to the point size and caches the width of a
% single space in /spacewidth for decodingdefs[3].
/f {
  dup /font exch def
  findfont
  exch dup /ptsize exch def scaling div dup /size exch def scalefont setfont
  linewidth ptsize mul scaling 10 mul div setlinewidth
  /spacewidth ( ) stringwidth pop def
} bind def
% sf: alias for f.
/sf {f} bind def
%
% cf: /basefont /newname chtab -> -
% Defines newname as a copy of basefont with a /Metrics dictionary built from
% chtab, an array of alternating glyph-name / metric-array pairs
% (entries = length/2). Every entry of the base font except /FID is copied
% into a fresh dictionary one slot larger, the Metrics dictionary is filled
% by "def"-ing each pair, and the result is registered with definefont.
/cf {
  dup length 2 idiv /entries exch def
  /chtab exch def
  /newfont exch def
  findfont dup length 1 add dict /newdict exch def
  {1 index /FID ne {newdict 3 1 roll put} {pop pop} ifelse} forall
  newdict /Metrics entries dict put
  newdict /Metrics get begin
    chtab aload pop 1 1 entries {pop def} for
    newfont newdict definefont pop
  end
} bind def
%
% A few arrays used to adjust reference points and character widths in some
% of the printer resident fonts.
If square roots are too high try changing % the lines describing /radical and /radicalex to, % % /radical [0 -75 550 0] % /radicalex [-50 -75 500 0] % /Sdefs [ /bracketlefttp [220 500] /bracketleftbt [220 500] /bracketrighttp [-70 380] /bracketrightbt [-70 380] /braceleftbt [220 490] /bracketrightex [220 -125 500 0] /radical [0 0 550 0] /radicalex [-50 0 500 0] /parenleftex [-20 -170 0 0] /integral [100 -50 500 0] /infinity [10 -75 730 0] ] def /S1defs [ /underscore [0 80 500 0] /endash [7 90 650 0] ] def %%EndProlog %%BeginSetup mark /resolution 720 def setup 2 setdecoding %%EndSetup %%Page: 1 1 save mark 1 pagesetup 12 B f (Security Problems in the TCP/IP Protocol Suite)6 2502 1 1629 840 t 11 I f (S.M. Bellovin*)1 659 1 2550 1020 t (smb)2408 1140 w 11 S1 f (@)2585 1140 w 11 I f (ulysses.att.com)2686 1140 w 10 R f (AT&T Bell Laboratories)2 1009 1 2375 1320 t (Murray Hill, New Jersey 07974)4 1299 1 2230 1440 t 10 I f (ABSTRACT)2643 1680 w 10 R f ( developed)1 462(The TCP/IP protocol suite, which is very widely used today, was)10 2858 2 1220 1980 t ( that, there are a)4 707( Despite)1 380( of the Department of Defense.)5 1320(under the sponsorship)2 913 4 1220 2100 t ( in the protocols, regardless of the)6 1530(number of serious security \257aws inherent)5 1790 2 1220 2220 t ( describe a variety of attacks based on)7 1620( We)1 211( implementations.)1 732(correctness of any)2 757 4 1220 2340 t ( spoo\256ng, routing attacks, source address)5 1695(these \257aws, including sequence number)4 1625 2 1220 2460 t ( also present defenses against these)5 1550( We)1 225( authentication attacks.)2 976(spoo\256ng, and)1 569 4 1220 2580 t ( a discussion of broad-spectrum defenses such as)7 2171(attacks, and conclude with)3 1149 2 1220 2700 t (encryption.)1220 2820 w 9 B f (1. 
INTRODUCTION)1 848 1 720 3060 t 10 R f ( protocol suite)2 604(The TCP/IP)1 496 2 720 3240 t 7 R f ([1][2])1820 3200 w 10 R f (, which is very widely used today, was developed under the sponsorship)11 3058 1 1982 3240 t ( \257aws inherent in the)4 878( that, there are a number of serious security)8 1814( Despite)1 374(of the Department of Defense.)4 1254 4 720 3360 t ( these \257aws exist because hosts rely on IP source address for authentication; the)13 3485( of)1 130(protocols. Some)1 705 3 720 3480 t (Berkeley ``)1 465 1 720 3600 t 10 I f (r)1185 3600 w 10 R f (-utilities'')1224 3600 w 7 R f ([3])1624 3560 w 10 R f ( exist because network control mechanisms, and)6 2017( Others)1 339( example.)1 403(are a notable)2 537 4 1744 3600 t (in particular routing protocols, have minimal or non-existent authentication.)8 3100 1 720 3720 t ( complete)1 420(When describing such attacks, our basic assumption is that the attacker has more or less)14 3900 2 720 3900 t ( may be due to \257aws in that machine's own)9 1851( This)1 249( Internet.)1 373(control over some machine connected to the)6 1847 4 720 4020 t ( be because that machine is a microcomputer, and inherently)9 2813(protection mechanisms, or it may)4 1507 2 720 4140 t ( the attacker may even be a rogue system administrator.)9 2295(unprotected. Indeed,)1 858 2 720 4260 t 9 B f (1.1 Exclusions)1 583 1 720 4440 t 10 R f ( protocols, such as those used by)6 1403(We are not concerned with \257aws in particular implementations of the)10 2917 2 720 4620 t (the Internet ``worm'')2 893 1 720 4740 t 7 R f ([4][5][6])1613 4700 w 10 R f ( As)1 192( we discuss generic problems with the protocols themselves.)8 2595(. 
Rather,)1 397 3 1856 4740 t ( Some)1 299( of these problems.)3 799(will be seen, careful implementation techniques can alleviate or prevent some)10 3222 3 720 4860 t ( version of the U)4 707(of the protocols we discuss are derived from Berkeley's)8 2308 2 720 4980 t 8 R f (NIX)3735 4980 w 8 S f (\322)3877 4930 w 10 R f (system; others are generic)3 1066 1 3974 4980 t (Internet protocols.)1 740 1 720 5100 t ( altered or)2 442(We are also not concerned with classic network attacks, such as physical eavesdropping, or)13 3878 2 720 5280 t ( so far as they are facilitated or possible because)9 2051( discuss such problems only in)5 1300( We)1 211(injected messages.)1 758 4 720 5400 t (of protocol problems.)2 879 1 720 5520 t ( do discuss some)3 774( We)1 229( discussion here of vendor-speci\256c protocols.)5 1973(For the most part, there is no)6 1344 4 720 5700 t ( facto standards for many vendors, and)6 1627(problems with Berkeley's protocols, since these have become de)8 2693 2 720 5820 t (not just for U)3 560 1 720 5940 t 8 R f (NIX)1280 5940 w 10 R f (systems.)1455 5940 w 9 B f ( SEQUENCE NUMBER PREDICTION)3 1560(2. TCP)1 308 2 720 6180 t 10 R f (One of the more fascinating security holes was \256rst described by Morris)11 3200 1 720 6360 t 7 R f ([7])3920 6320 w 10 R f ( TCP)1 239( he used)2 385(. Brie\257y,)1 415 3 4001 6360 t ( ever receiving any responses)4 1246(sequence number prediction to construct a TCP packet sequence without)9 3074 2 720 6480 t ( allowed him to spoof a trusted host on a local network.)11 2308( This)1 244(from the server.)2 650 3 720 6600 t 8 S1 f (__________________)720 6780 w 8 R f ( address: Room 3C-536B AT&T Bell Laboratories, 600 Mountain Avenue, Murray Hill, New Jersey 07974.)14 3535(* Author's)1 409 2 720 6900 t 10 B f (Reprinted from Computer Communication Review, Vol. 19, No. 2, pp. 
32-48, April 1989.)12 3871 1 720 7462 t cleartomark showpage restore %%EndPage: 1 1 %%Page: 2 2 save mark 2 pagesetup 10 R f (- 2 -)2 182 1 2789 480 t ( client selects and)3 737( The)1 223( handshake.)1 481(The normal TCP connection establishment sequence involves a 3-way)8 2879 4 720 960 t ( sequence number)2 774(transmits an initial)2 801 2 720 1080 t 10 I f (ISN)2347 1080 w 7 I f (C)2508 1100 w 10 R f (, the server acknowledges it and sends its own sequence)9 2477 1 2563 1080 t (number)720 1200 w 10 I f (ISN)1060 1200 w 7 I f (S)1221 1220 w 10 R f ( transmission may)2 750( those three messages, data)4 1118( Following)1 480(, and the client acknowledges that.)5 1428 4 1264 1200 t ( exchange may be shown schematically as follows:)7 2094( The)1 221(take place.)1 434 3 720 1320 t 10 I f (C)870 1500 w 10 S f (\256)945 1500 w 10 I f (S)1052 1500 w 10 R f (:)1110 1500 w 10 I f (SYN)1146 1500 w 10 R f (\()1327 1500 w 10 I f (ISN)1368 1500 w 7 I f (C)1529 1520 w 10 R f (\))1592 1500 w 10 I f (S)870 1620 w 10 S f (\256)928 1620 w 10 I f (C)1035 1620 w 10 R f (:)1110 1620 w 10 I f (SYN)1146 1620 w 10 R f (\()1327 1620 w 10 I f (ISN)1368 1620 w 7 I f (S)1529 1640 w 10 R f (\) ,)1 74 1 1580 1620 t 10 I f (ACK)1662 1620 w 10 R f (\()1865 1620 w 10 I f (ISN)1906 1620 w 7 I f (C)2067 1640 w 10 R f (\))2130 1620 w 10 I f (C)870 1740 w 10 S f (\256)945 1740 w 10 I f (S)1052 1740 w 10 R f (:)1110 1740 w 10 I f (ACK)1146 1740 w 10 R f (\()1349 1740 w 10 I f (ISN)1390 1740 w 7 I f (S)1551 1760 w 10 R f (\))1602 1740 w 10 I f (C)870 1860 w 10 S f (\256)945 1860 w 10 I f (S)1052 1860 w 10 R f (:)1110 1860 w 10 I f (data)1146 1860 w (and / or)2 283 1 1075 1980 t (S)870 2100 w 10 S f (\256)928 2100 w 10 I f (C)1035 2100 w 10 R f (:)1110 2100 w 10 I f (data)1146 2100 w 10 R f (That is, for a conversation to take place,)7 1655 1 720 2280 t 10 I f (C)2408 2280 w 10 R f (must \256rst hear)2 588 1 2508 2280 t 10 I f (ISN)3129 2280 w 7 I f (S)3290 2300 w 10 R f (, a more or less random 
number.)6 1340 1 3333 2280 t ( was a way for an intruder)6 1107(Suppose, though, that there)3 1121 2 720 2460 t 10 I f (X)2984 2460 w 10 R f (to)3081 2460 w 10 I f (predict ISN)1 469 1 3195 2460 t 7 I f (S)3675 2480 w 10 R f ( that case, it could send the)6 1145(. In)1 177 2 3718 2460 t (following sequence to impersonate trusted host)5 1924 1 720 2580 t 10 I f (T)2677 2580 w 10 R f (:)2733 2580 w 10 I f (X)870 2760 w 10 S f (\256)939 2760 w 10 I f (S)1046 2760 w 10 R f (:)1104 2760 w 10 I f (SYN)1140 2760 w 10 R f (\()1321 2760 w 10 I f (ISN)1362 2760 w 7 I f (X)1523 2780 w 10 R f (\) ,)1 74 1 1582 2760 t 10 I f (SRC)1664 2760 w 10 S f (=)1866 2760 w 10 I f (T)1937 2760 w (S)875 2880 w 10 S f (\256)933 2880 w 10 I f (T)1040 2880 w 10 R f (:)1104 2880 w 10 I f (SYN)1140 2880 w 10 R f (\()1321 2880 w 10 I f (ISN)1362 2880 w 7 I f (S)1523 2900 w 10 R f (\) ,)1 74 1 1574 2880 t 10 I f (ACK)1656 2880 w 10 R f (\()1859 2880 w 10 I f (ISN)1900 2880 w 7 I f (X)2061 2900 w 10 R f (\))2120 2880 w 10 I f (X)870 3000 w 10 S f (\256)939 3000 w 10 I f (S)1046 3000 w 10 R f (:)1104 3000 w 10 I f (ACK)1140 3000 w 10 R f (\()1343 3000 w 10 I f (ISN)1384 3000 w 7 I f (S)1545 3020 w 10 R f (\) ,)1 74 1 1596 3000 t 10 I f (SRC)1678 3000 w 10 S f (=)1880 3000 w 10 I f (T)1951 3000 w (X)870 3120 w 10 S f (\256)939 3120 w 10 I f (S)1046 3120 w 10 R f (:)1104 3120 w 10 I f (ACK)1140 3120 w 10 R f (\()1343 3120 w 10 I f (ISN)1384 3120 w 7 I f (S)1545 3140 w 10 R f (\) ,)1 74 1 1596 3120 t 10 I f (SRC)1678 3120 w 10 S f (=)1880 3120 w 10 I f (T)1951 3120 w 10 R f (,)2015 3120 w 10 I f (nasty)2048 3120 w 10 S f (-)2283 3120 w 10 I f (data)2354 3120 w 10 R f (Even though the message)3 1042 1 720 3300 t 10 I f (S)1795 3300 w 10 S f (\256)1853 3300 w 10 I f (T)1960 3300 w 10 R f (does not go to)3 588 1 2049 3300 t 10 I f (X)2670 3300 w 10 R f (,)2731 3300 w 10 I f (X)2789 3300 w 10 R f ( contents, and hence could send)5 1309(was able to know its)4 848 2 2883 3300 t (data. 
If)1 348 1 720 3420 t 10 I f (X)1126 3420 w 10 R f ( this attack on a connection that allows command execution \(i.e., the)11 3087(were to perform)2 708 2 1245 3420 t (Berkeley)720 3540 w 10 I f (rsh)1113 3540 w 10 R f (server\), malicious commands could be executed.)5 1983 1 1274 3540 t (How, then, to predict the random)5 1428 1 720 3720 t 10 I f (ISN)2194 3720 w 10 R f ( the initial sequence number variable is)6 1696( Berkeley systems,)2 794(? In)1 206 3 2344 3720 t ( each time a connection is)5 1104(incremented by a constant amount once per second, and by half that amount)12 3216 2 720 3840 t ( if one initiates a legitimate connection and observes the)9 2388(initiated. Thus,)1 652 2 720 3960 t 10 I f (ISN)3801 3960 w 7 I f (S)3962 3980 w 10 R f ( can calculate,)2 601(used, one)1 393 2 4046 3960 t (with a high degree of con\256dence,)5 1370 1 720 4080 t 10 I f (ISN)2123 4080 w 7 I f (S)2278 4099 w 7 S f (\242)2278 4040 w 10 R f (used on the next connection attempt.)5 1505 1 2354 4080 t (Morris points out that the reply message)6 1658 1 720 4260 t 10 I f (S)870 4440 w 10 S f (\256)928 4440 w 10 I f (T)1035 4440 w 10 R f (:)1099 4440 w 10 I f (SYN)1135 4440 w 10 R f (\()1316 4440 w 10 I f (ISN)1357 4440 w 7 I f (S)1518 4460 w 10 R f (\) ,)1 74 1 1569 4440 t 10 I f (ACK)1651 4440 w 10 R f (\()1854 4440 w 10 I f (ISN)1895 4440 w 7 I f (X)2056 4460 w 10 R f (\))2115 4440 w (does not in fact vanish down a black hole; rather, the real host)12 2608 1 720 4620 t 10 I f (T)3364 4620 w 10 R f ( the)1 159(will receive it and attempt to reset)6 1425 2 3456 4620 t ( impersonating a server port on)5 1305( found that by)3 597( Morris)1 343( is not a serious obstacle.)5 1064(connection. 
This)1 712 5 720 4740 t 10 I f (T)4778 4740 w 10 R f (, and)1 206 1 4834 4740 t ( generate queue over\257ows that would)5 1579(by \257ooding that port with apparent connection requests, he could)9 2741 2 720 4860 t (make it likely that the)4 912 1 720 4980 t 10 I f (S)1667 4980 w 10 S f (\256)1725 4980 w 10 I f (T)1832 4980 w 10 R f ( one could wait until)4 858( Alternatively,)1 619( be lost.)2 332(message would)1 623 4 1923 4980 t 10 I f (T)4389 4980 w 10 R f (was down for)2 561 1 4479 4980 t (routine maintenance or a reboot.)4 1326 1 720 5100 t (A variant on this TCP sequence number attack, not described by Morris, exploits the)13 3577 1 720 5280 t 10 I f (netstat)4337 5280 w 7 R f ([8])4612 5240 w 10 R f (service.)4733 5280 w ( If)1 136(In this attack, the intruder impersonates a host that is down.)10 2501 2 720 5400 t 10 I f (netstat)3394 5400 w 10 R f ( the target host, it)4 741(is available on)2 601 2 3698 5400 t ( port; this eliminates all need to)6 1423(may supply the necessary sequence number information on another)8 2897 2 720 5520 t (guess)720 5640 w 7 R f (1)942 5600 w 10 R f (.)977 5640 w 9 B f (Defenses)720 5820 w 10 R f ( the relatively coarse rate of change of the initial sequence number)11 2838(Obviously, the key to this attack is)6 1482 2 720 5940 t ( TCP speci\256cation requires that this variable be incremented)8 2741( The)1 255(variable on Berkeley systems.)3 1324 3 720 6060 t ( the critical)2 485( However,)1 466( is using a much slower rate.)6 1248(approximately 250,000 times per second; Berkeley)5 2121 4 720 6180 t ( second in)2 451( change from an increment of 128 per)7 1672( The)1 237(factor is the granularity, not the average rate.)7 1960 4 720 6300 t (4.2)720 6420 w 8 R f (BSD)845 6420 w 10 R f (to 125,000 per second in 4.3)5 1190 1 1038 6420 t 8 R f (BSD)2228 6420 w 10 R f (is meaningless, even though the latter is within a factor of two)11 2618 1 2422 6420 t (of the speci\256ed rate.)3 833 1 720 6540 t 8 S1 f (__________________)720 
6807 w 8 R f (1. The)1 250 1 720 6927 t 8 I f (netstat)996 6927 w 8 R f ( concerns were not behind its elimination.)6 1368( Security)1 317(protocol is obsolete, but is still present on some Internet hosts.)10 2044 3 1234 6927 t cleartomark showpage restore %%EndPage: 2 2 %%Page: 3 3 save mark 3 pagesetup 10 R f (- 3 -)2 182 1 2789 480 t ( simplicity's)1 513( For)1 212( a true 250,000 hz rate would help.)7 1494(Let us consider whether a counter that operated at)8 2101 4 720 960 t ( rate of)2 324(sake, we will ignore the problem of other connections occurring, and only consider the \256xed)14 3996 2 720 1080 t (change of this counter.)3 933 1 720 1200 t (To learn a current sequence number, one must send a SYN packet, and receive a response, as follows:)17 4203 1 720 1380 t 10 I f (X)870 1560 w 10 S f (\256)939 1560 w 10 I f (S)1046 1560 w 10 R f (:)1104 1560 w 10 I f (SYN)1181 1560 w 10 R f (\()1362 1560 w 10 I f (ISN)1403 1560 w 7 I f (X)1564 1580 w 10 R f (\))1623 1560 w 10 I f (S)870 1680 w 10 S f (\256)928 1680 w 10 I f (X)1035 1680 w 10 R f (:)1104 1680 w 10 I f (SYN)1181 1680 w 10 R f (\()1362 1680 w 10 I f (ISN)1403 1680 w 7 I f (S)1564 1700 w 10 R f (\) ,)1 74 1 1615 1680 t 10 I f (ACK)1697 1680 w 10 R f (\()1900 1680 w 10 I f (ISN)1941 1680 w 7 I f (X)2102 1700 w 10 R f (\) \(1\))1 2879 1 2161 1680 t ( follow)1 302(The \256rst spoof packet, which triggers generation of the next sequence number, can immediately)13 4018 2 720 1860 t (the server's response to the probe packet:)6 1699 1 720 1980 t 10 I f (X)870 2160 w 10 S f (\256)939 2160 w 10 I f (S)1046 2160 w 10 R f (:)1104 2160 w 10 I f (SYN)1181 2160 w 10 R f (\()1362 2160 w 10 I f (ISN)1403 2160 w 7 I f (X)1564 2180 w 10 R f (\) ,)1 74 1 1623 2160 t 10 I f (SRC)1705 2160 w 10 S f (=)1907 2160 w 10 I f (T)1978 2160 w 10 R f (\(2\))4924 2160 w (The sequence number)2 891 1 720 2340 t 10 I f (ISN)1644 2340 w 7 I f (S)1805 2360 w 10 R f (used in the response)3 831 1 1881 2340 t 10 I f (S)870 2520 w 10 S f 
(\256)928 2520 w 10 I f (T)1035 2520 w 10 R f (:)1099 2520 w 10 I f (SYN)1176 2520 w 10 R f (\()1357 2520 w 10 I f (ISN)1398 2520 w 7 I f (S)1559 2540 w 10 R f (\) ,)1 74 1 1610 2520 t 10 I f (ACK)1692 2520 w 10 R f (\()1895 2520 w 10 I f (ISN)1936 2520 w 7 I f (X)2097 2540 w 10 R f (\))2156 2520 w ( receipt at the server)4 864(is uniquely determined by the time between the origination of message \(1\) and the)13 3456 2 720 2700 t ( this number is precisely the round-trip time between)8 2202( But)1 214(of message \(1\).)2 634 3 720 2820 t 10 I f (X)3806 2820 w 10 R f (and)3903 2820 w 10 I f (S)4083 2820 w 10 R f ( the spoofer)2 491( if)1 97(. Thus,)1 319 3 4133 2820 t (can accurately measure \(and predict\) that time, even a 4)9 2298 1 720 2940 t 10 S f (m)3051 2940 w 10 R f (-second clock will not defeat this attack.)6 1659 1 3109 2940 t ( stability is good, we can probably)6 1488( we assume that)3 689( If)1 142(How accurately can the trip time be measured?)7 2001 4 720 3120 t ( does not exhibit such stability over the)7 1730( the Internet)2 530( Clearly,)1 401(bound it within 10 milliseconds or so.)6 1659 4 720 3240 t (long-term)720 3360 w 7 R f ([9])1114 3320 w 10 R f (, but it is often good enough over the short term.)10 2012 1 1195 3360 t 7 R f (2)3207 3320 w 10 R f (There is thus an uncertainty of 2500 in the)8 1764 1 3276 3360 t (possible value for)2 740 1 720 3480 t 10 I f (ISN)1499 3480 w 7 I f (S)1660 3500 w 10 R f ( each trial takes 5 seconds, to allow time to re-measure the round-trip time,)13 3174(. 
If)1 163 2 1703 3480 t ( reasonable likelihood of succeeding in 7500 seconds, and a near-certainty)10 3228(an intruder would have a)4 1092 2 720 3600 t ( measurements, would)2 930( predictable \(i.e., higher quality\) networks, or more accurate)8 2543( More)1 292(within a day.)2 555 4 720 3720 t ( simply following the letter of the TCP)7 1672( Clearly,)1 394(improve the odds even further in the intruder's favor.)8 2254 3 720 3840 t (speci\256cation is not good enough.)4 1351 1 720 3960 t ( fact, some)2 485( In)1 166(We have thus far tacitly assumed that no processing takes places on the target host.)14 3669 3 720 4140 t ( this processing is)3 747(processing does take place when a new request comes in; the amount of variability in)14 3573 2 720 4260 t ( one tick \320 4)4 632( a 6 MIPS machine,)4 875(critical. On)1 503 3 720 4380 t 10 S f (m)2777 4380 w 10 R f ( is thus)2 328( There)1 312(-seconds \320 is about 25 instructions.)5 1565 3 2835 4380 t ( interrupts, or a slightly)4 1040( High-priority)1 617(considerable sensitivity to the exact instruction path followed.)7 2663 3 720 4500 t ( next)1 208(different TCB allocation sequence, will have a comparatively large effect on the actual value of the)15 4112 2 720 4620 t ( should be)2 463( It)1 145( is of considerable advantage to the target.)7 1867( randomizing effect)2 835( This)1 263(sequence number.)1 747 6 720 4740 t (noted, though, that faster machines are)5 1699 1 720 4860 t 10 I f (more)2475 4860 w 10 R f ( attack, since the variability of the)6 1548(vulnerable to this)2 756 2 2736 4860 t ( of course, CPU speeds)4 961( And)1 238( less real time, and hence affect the increment less.)9 2097(instruction path will take)3 1024 4 720 4980 t (are increasing rapidly.)2 905 1 720 5100 t ( be)1 136( must)1 236( Care)1 262( the increment.)2 628( randomizing)1 579(This suggests another solution to sequence number attacks:)7 2479 6 720 5280 t ( granularity)1 475(taken to use suf\256cient bits; if, say, only the low-order 8 
bits were picked randomly, and the)16 3845 2 720 5400 t ( combination of a)3 747( A)1 145( only multiplied by 256.)4 1025(of the increment was coarse, the intruder's work factor is)9 2403 4 720 5520 t ( a 32-bit generator, is better.)5 1233(\256ne-granularity increment and a small random number generator, or just)9 3087 2 720 5640 t ( that many pseudo-random number generators are easily invertible)8 2786(Note, though,)1 563 2 720 5760 t 7 R f ([10])4069 5720 w 10 R f ( fact, given that)3 672(. In)1 183 2 4185 5760 t ( the enemy could simply compute the next)7 1878(most such generators work via feedback of their output,)8 2442 2 720 5880 t ( hybrid techniques have promise \320 using a 32-bit generator, for)10 2675( Some)1 297( to be picked.)3 571(``random'' number)1 777 4 720 6000 t ( brute-force attacks could succeed at determining the seed.)8 2399(example, but only emitting 16 bits of it \320 but)9 1921 2 720 6120 t ( perhaps more, to defeat probes)5 1327(One would need at least 16 bits of random data in each increment, and)13 2993 2 720 6240 t ( More)1 300( the seed.)2 426(from the network, but that might leave too few bits to guard against a search for)15 3594 3 720 6360 t (research or simulations are needed to determine the proper parameters.)9 2897 1 720 6480 t 8 S1 f (__________________)720 6717 w 8 R f ( is not)2 209( It)1 101( such stability even over the short-term, especially on long-haul connections.)10 2512( the moment, the Internet may not have)7 1292(2. At)1 206 5 720 6837 t (comforting to know that the security of a network relies on its low quality of service.)15 2789 1 846 6927 t cleartomark showpage restore %%EndPage: 3 3 %%Page: 4 4 save mark 4 pagesetup 10 R f (- 4 -)2 182 1 2789 480 t ( a cryptographic algorithm \(or device\) for)6 1818(Rather than go to such lengths, it is simpler to use)10 2247 2 720 960 t 10 I f (ISN)4836 960 w 7 I f (S)4997 980 w 10 R f ( Standard)1 405( Data Encryption)2 730(generation. 
The)1 683 3 720 1080 t 7 R f ([11])2538 1040 w 10 R f (\(DES\) in)1 383 1 2704 1080 t 10 I f (electronic codebook mode)2 1097 1 3137 1080 t 7 R f ([12])4242 1040 w 10 R f (is an attractive)2 632 1 4408 1080 t (choice as the)2 543 1 720 1200 t 10 I f (ISN)1302 1200 w 7 I f (S)1463 1220 w 10 R f ( DES could be used in)5 956( Alternatively,)1 624(source, with a simple counter as input.)6 1621 3 1545 1200 t 10 I f (output)4784 1200 w (feedback mode)1 614 1 720 1320 t 10 R f ( way, great care must be taken to select the key)10 2081( Either)1 322(without an additional counter.)3 1259 3 1378 1320 t ( information about reboot times is)5 1418( time-of-day at boot time is not adequate; suf\256ciently good)9 2468(used. The)1 434 3 720 1440 t ( reboot time is)3 635( however, the)2 578( If,)1 168(often available to an intruder, thereby permitting a brute-force attack.)9 2939 4 720 1560 t (encrypted with a per-host secret key, the generator cannot be cracked with any reasonable effort.)14 3966 1 720 1680 t ( sequence numbers are)3 977( New)1 270( a problem.)2 500(Performance of the initial sequence number generator is not)8 2573 4 720 1860 t ( suf\256ce. 
Encryption)2 815(needed only once per connection, and even a software implementation of DES will)12 3505 2 720 1980 t (times of 2.3 milliseconds on a 1 MIPS processor have been reported)11 2812 1 720 2100 t 7 R f ([13])3532 2060 w 10 R f (.)3648 2100 w ( of the round-trip)3 724( Measurements)1 653(An additional defense involves good logging and alerting mechanisms.)8 2943 3 720 2280 t ( likely be carried out using ICMP)6 1446(time \320 essential for attacking RFC-compliant hosts \320 would most)9 2874 2 720 2400 t 10 I f (Ping)720 2520 w 10 R f ( perhaps more)2 629( Other,)1 342(messages; a ``transponder'' function could log excessive ping requests.)8 3103 3 966 2520 t ( connections)1 511(applicable, timing measurement techniques would involve attempted TCP connections; these)9 3809 2 720 2640 t ( not even complete)3 784(are conspicuously short-lived, and may)4 1599 2 720 2760 t 10 I f (SYN)3137 2760 w 10 R f ( spoo\256ng an active)3 779(processing. Similarly,)1 917 2 3344 2760 t (host will eventually generate unusual types of)6 1903 1 720 2880 t 10 I f (RST)2660 2880 w 10 R f ( and should be)3 613(packets; these should not occur often,)5 1563 2 2864 2880 t (logged.)720 3000 w 9 B f ( JOY OF ROUTING)3 825(3. 
THE)1 318 2 720 3240 t 10 R f ( the routing mechanisms and protocols is probably the simplest protocol-based attack available.)12 3947(Abuse of)1 373 2 720 3420 t ( of these)2 370( Some)1 302( do this, depending on the exact routing protocols used.)9 2356(There are a variety of ways to)6 1292 4 720 3540 t ( the remote host does source address-based authentication; others can be used for)12 3381(attacks succeed only if)3 939 2 720 3660 t (more powerful attacks.)2 933 1 720 3780 t ( can also be used to accomplish denial of service by confusing)11 2619(A number of the attacks described below)6 1701 2 720 3960 t ( details are straight-forward corollaries of the penetration)7 2399( The)1 230( on a host or gateway.)5 961(the routing tables)2 730 4 720 4080 t (mechanisms, and will not be described further.)6 1917 1 720 4200 t 9 B f ( Routing)1 340(3.1 Source)1 438 2 720 4380 t 10 R f ( that the target host uses the)6 1200( Assume)1 395( to abuse is IP source routing.)6 1275(If available, the easiest mechanism)4 1450 4 720 4560 t ( behavior is utterly)3 797( Such)1 273(reverse of the source route provided in a TCP open request for return traf\256c.)13 3250 3 720 4680 t ( some reason \320 say,)4 865(reasonable; if the originator of the connection wishes to specify a particular path for)13 3455 2 720 4800 t ( the originator if a different path is)7 1588(because the automatic route is dead \320 replies may not reach)10 2732 2 720 4920 t (followed.)720 5040 w ( source address desired, including that of a trusted machine on the)11 2865(The attacker can then pick any IP)6 1455 2 720 5220 t ( facilities available to such machines become available to the attacker.)10 2882( Any)1 238(target's local network.)2 911 3 720 5340 t 9 B f (Defenses)720 5520 w 10 R f ( the gateways into the)4 927( best idea would be for)5 977( The)1 226(It is rather hard to defend against this sort of attack.)10 2190 4 720 5640 t ( is less practical than it)5 1018( This)1 257( local net.)2 433(local net to 
reject external packets that claim to be from the)11 2612 4 720 5760 t (might seem since some Ethernet)4 1361 1 720 5880 t 7 R f (3)2081 5840 w 10 R f ( is)1 110(network adapters receive their own transmissions, and this feature)8 2772 2 2158 5880 t ( solution fails completely if an)5 1469( this)1 221( Furthermore,)1 633(relied upon by some higher-level protocols.)5 1997 4 720 6000 t ( users on the)3 541( Other)1 298( trusted networks connected via a multi-organization backbone.)7 2625(organization has two)2 856 4 720 6120 t (backbone may not be trustable to the same extent that local users are presumed to be, or perhaps their)18 4320 1 720 6240 t ( such topologies should be avoided in any event.)8 2004( Arguably,)1 468(vulnerability to outside attack is higher.)5 1628 3 720 6360 t ( might be to reject pre-authorized connections if source routing information was)11 3538(A simpler method)2 782 2 720 6540 t ( there are few legitimate reasons for using this IP option, especially for)12 3119( presumes that)2 627(present. This)1 574 3 720 6660 t 8 S1 f (__________________)720 6840 w 8 R f ( is a registered trademark of Xerox Corporation.)7 1573(3. 
Ethernet)1 395 2 720 6960 t cleartomark showpage restore %%EndPage: 4 4 %%Page: 5 5 save mark 5 pagesetup 10 R f (- 5 -)2 182 1 2789 480 t ( source route and)3 762( variation on this defense would be to analyze the)9 2202( A)1 155(relatively normal operations.)2 1201 4 720 960 t (accept it if only trusted gateways were listed; that way, the \256nal gateway could be counted on to deliver)18 4320 1 720 1080 t ( complexity of this idea is probably not worthwhile.)8 2138( The)1 221(the packet only to the true destination host.)7 1777 3 720 1200 t ( Berkeley's)1 466(Some protocols \(i.e.,)2 846 2 720 1380 t 10 I f (rlogin)2066 1380 w 10 R f (and)2345 1380 w 10 I f (rsh)2523 1380 w 10 R f (\) permit ordinary users to extend trust to remote host/user)9 2381 1 2659 1380 t ( entire system, may be targeted by source)7 1792( that case, individual users, rather than an)7 1802(combinations. In)1 726 3 720 1500 t (routing attacks.)1 626 1 720 1620 t 7 R f (4)1346 1580 w 10 R f (Suspicious gateways)1 840 1 1416 1620 t 7 R f ([14])2256 1580 w 10 R f ( within)1 292(will not help here, as the host being spoofed may not be)11 2341 2 2407 1620 t (the security domain protected by the gateways.)6 1925 1 720 1740 t 9 B f ( Information Protocol Attacks)3 1180(3.2 Routing)1 483 2 720 1920 t 10 R f (The)720 2100 w 10 I f (Routing Information Protocol)2 1223 1 914 2100 t 7 R f ([15])2145 2060 w 10 R f (\(RIP\) is used to propagate routing information on local networks,)9 2740 1 2300 2100 t ( allows an intruder)3 794( This)1 252( is unchecked.)2 600( the information received)3 1057( Typically,)1 483(especially broadcast media.)2 1134 6 720 2220 t ( of the gateways along the way, to)7 1553(to send bogus routing information to a target host, and to each)11 2767 2 720 2340 t ( most likely attack of this sort would be to claim a route to a)14 2810( The)1 242(impersonate a particular host.)3 1268 3 720 2460 t ( host, rather than to a network; this would cause all packets destined for that host to 
be)17 3621(particular unused)1 699 2 720 2580 t ( packets for an entire network might be too noticeable;)9 2470( \(Diverting)1 506(sent to the intruder's machine.)4 1344 3 720 2700 t ( this is done, protocols that rely on)7 1467( Once)1 280( is comparatively risk-free.\))3 1144(impersonating an idle work-station)3 1429 4 720 2820 t (address-based authentication are effectively compromised.)4 2373 1 720 2940 t ( that the)2 356( Assume)1 397( serious, bene\256ts to the attacker as well.)7 1708(This attack can yield more subtle, and more)7 1859 4 720 3120 t ( packets for that host will be routed)7 1489( All)1 197( instead.)1 344(attacker claims a route to an active host or workstation)9 2290 4 720 3240 t ( using IP source)3 695( are then resent,)3 682( They)1 280(to the intruder's machine for inspection and possible alteration.)8 2663 4 720 3360 t ( sensitive)1 383( outsider may thus capture passwords and other)7 1957( An)1 189(address routing, to the intended destination.)5 1791 4 720 3480 t ( thus, a user calling out)5 1027( mode of attack is unique in that it affects outbound calls as well;)13 2847(data. 
This)1 446 3 720 3600 t ( of the earlier attacks discussed)5 1324( Most)1 280( divulging a password.)3 953(from the targeted host can be tricked into)7 1763 4 720 3720 t (are used to forge a source address; this one is focused on the destination address.)14 3336 1 720 3840 t 9 B f (Defenses)720 4020 w 10 R f ( is somewhat easier to defend against than the source-routing attacks, though some defenses)13 3788(A RIP attack)2 532 2 720 4140 t ( based on source or destination address \320)7 1802( paranoid gateway \320 one that \256lters packets)7 1903( A)1 148(are similar.)1 467 4 720 4260 t ( form of host-spoo\256ng \(including TCP sequence number attacks\), since the offending)11 3698(will block any)2 622 2 720 4380 t ( there are other ways to deal with RIP problems.)9 2002( But)1 211(packets can never make it through.)5 1431 3 720 4500 t ( most environments, there is)4 1182( In)1 154(One defense is for RIP to be more skeptical about the routes it accepts.)13 2984 3 720 4680 t ( can)1 178( router that makes this check)5 1225( A)1 146(no good reason to accept new routes to your own local networks.)11 2771 4 720 4800 t ( some implementations rely on hearing their own)7 2249( Unfortunately,)1 684( attempts.)1 430(easily detect intrusion)2 957 4 720 4920 t ( that they)2 408( idea, presumably, is)3 881( The)1 232(broadcasts to retain their knowledge of directly-attached networks.)7 2799 4 720 5040 t ( fault-tolerance is in general a good idea,)7 1748( While)1 318(can use other networks to route around local outages.)8 2254 3 720 5160 t (the actual utility of this technique is low in many environments compared with the risks.)14 3646 1 720 5280 t ( absence of inexpensive public-key)4 1502(It would be useful to be able to authenticate RIP packets; in the)12 2818 2 720 5460 t ( if it were done, its utility is limited; a)9 1602( Even)1 273( protocol.)1 393(signature schemes, this is dif\256cult for a broadcast)7 2052 4 720 5580 t ( turn may have been deceived by gateways)7 
1779(receiver can only authenticate the immediate sender, which in)8 2541 2 720 5700 t (further upstream.)1 695 1 720 5820 t ( the)1 208( risk:)1 231(Even if the local routers don't implement defense mechanisms, RIP attacks carry another)12 3881 3 720 6000 t ( router \(as opposed to host\) that receives such)8 1952( Any)1 246( area.)1 231(bogus routing entries are visible over a wide)7 1891 4 720 6120 t ( of networks)2 529(data will rebroadcast it; a suspicious administrator almost anywhere on the local collection)12 3791 2 720 6240 t ( would help, but it is hard to distinguish a genuine)10 2253( log generation)2 651( Good)1 306(could notice the anomaly.)3 1110 4 720 6360 t (intrusion from the routing instability that can accompany a gateway crash.)10 3045 1 720 6480 t 8 S1 f (__________________)720 6717 w 8 R f ( such)1 187( But)1 183( of abuse of the protocols.)5 931( ordinary users to extend trust is probably wrong in any event, regardless)12 2557(4. Permitting)1 462 5 720 6837 t (concerns are beyond the scope of this paper.)7 1450 1 846 6927 t cleartomark showpage restore %%EndPage: 5 5 %%Page: 6 6 save mark 6 pagesetup 10 R f (- 6 -)2 182 1 2789 480 t 9 B f ( Gateway Protocol)2 725(3.3 Exterior)1 498 2 720 960 t 10 R f (The)720 1140 w 10 I f (Exterior Gateway Protocol)2 1132 1 922 1140 t 10 R f (\(EGP\))2101 1140 w 7 R f ([16])2356 1100 w 10 R f (is intended for communications between the core gateways)7 2520 1 2520 1140 t (and so-called)1 563 1 720 1260 t 10 I f (exterior gateways)1 747 1 1342 1260 t 10 R f ( after going through a)4 997( exterior gateway,)2 785(. An)1 239 3 2097 1260 t 10 I f (neighbor acquisition)1 864 1 4176 1260 t 10 R f ( serves.)1 318(protocol, is periodically polled by the core; it responds with information about the networks it)14 4002 2 720 1380 t (These networks must all be part of its)7 1585 1 720 1500 t 10 I f (autonomous system)1 792 1 2342 1500 t 10 R f ( requests)1 363( the gateway periodically)3 1042(. 
Similarly,)1 493 3 3142 1500 t ( is not normally sent except in response to a poll;)10 2200( Data)1 270(routing information from the core gateway.)5 1850 3 720 1620 t ( response, it is rather)4 873(furthermore, since each poll carries a sequence number that must be echoed by the)13 3447 2 720 1740 t ( gateways are allowed to send exactly one)7 1746( Exterior)1 395( route update.)2 566(dif\256cult for an intruder to inject a false)7 1613 4 720 1860 t ( the sequence number of the last poll)7 1593(spontaneous update between any two polls; this, too, must carry)9 2727 2 720 1980 t ( is thus comparatively dif\256cult to interfere in an on-going EGP conversation.)11 3157(received. It)1 489 2 720 2100 t ( attack would be to impersonate a second exterior gateway for the same autonomous)13 3771(One possible)1 549 2 720 2280 t ( list of legitimate)3 774( may not succeed, as the core gateways could be equipped with a)12 2975(system. This)1 571 3 720 2400 t ( if they were,)3 553( Even)1 272( checks are not currently done, however.)6 1671( Such)1 267( autonomous system.)2 860(gateways to each)2 697 6 720 2520 t (they could be authenticated only by source IP address.)8 2235 1 720 2640 t ( to claim reachability for some network where the real gateway is)11 2866(A more powerful attack would be)5 1454 2 720 2820 t ( is, if gateway)3 599(down. 
That)1 501 2 720 2940 t 10 I f (G)1858 2940 w 10 R f (normally handles traf\256c for network)4 1495 1 1968 2940 t 10 I f (N)3500 2940 w 10 R f (, and)1 206 1 3567 2940 t 10 I f (G)3810 2940 w 10 R f (is down, gateway)2 720 1 3919 2940 t 10 I f (G)4676 2940 w 10 S f (\242)4756 2940 w 10 R f (could)4818 2940 w ( The)1 234( would allow password capture by assorted mechanisms.)7 2410( This)1 257(advertise a route to that network.)5 1419 4 720 3060 t ( gateways must be on the)5 1072( exterior)1 381( against this attack is topological \(and quite restrictive\):)8 2324(main defense)1 543 4 720 3180 t ( host, but an existing)4 911(same network as the core; thus, the intruder would need to subvert not just any)14 3409 2 720 3300 t (gateway or host that is directly on the main net.)9 1970 1 720 3420 t ( the dif\256culty here is)4 879(A sequence number attack, similar to those used against TCP, might be attempted;)12 3441 2 720 3600 t ( TCP, one can establish arbitrary connections)6 1895( In)1 155( the core gateway is using.)5 1129(in predicting what numbers)3 1141 4 720 3720 t ( accurately, the core)3 850( \(More)1 323( the core.)2 400(to probe for information; in EGP, only a few hosts may speak to)12 2747 4 720 3840 t ( though as noted such checks are not currently implemented.\))9 2550(could only speak to a few particular hosts,)7 1770 2 720 3960 t (It may thus be hard to get the raw data needed for such an attack.)14 2708 1 720 4080 t 9 B f ( Internet Control Message Protocol)4 1385(3.4 The)1 323 2 720 4260 t 10 R f (The)720 4440 w 10 I f (Internet Control Message Protocol)3 1438 1 912 4440 t 10 R f (\(ICMP\))2387 4440 w 7 R f ([17])2698 4400 w 10 R f (is the basic network management tool of the TCP/IP)8 2189 1 2851 4440 t ( ICMP attacks are rather)4 1023( Surprisingly,)1 590( carry a rich potential for abuse.)6 1343( would seem to)3 647( It)1 132(protocol suite.)1 585 6 720 4560 t (dif\256cult; still, there are often holes that may be exploited.)9 2367 1 720 4680 t (The 
\256rst, and most obvious target, is the ICMP)8 1950 1 720 4860 t 10 I f (Redirect)2705 4860 w 10 R f (message; it is used by gateways to advise hosts)8 1962 1 3078 4860 t ( complication is)2 661( The)1 224( that RIP can be.)4 707( such it can often be abused in the same way)10 1894( As)1 181(of better routes.)2 653 6 720 4980 t ( particular, existing connection; it cannot be used to make an)10 2577(that a Redirect message must be tied to a)8 1743 2 720 5100 t ( Redirects are only applicable within a)6 1692( Furthermore,)1 609(unsolicited change to the host's routing tables.)6 2019 3 720 5220 t ( A)1 140( the path to the originating host.)6 1335(limited topology; they may be sent only from the \256rst gateway along)11 2845 3 720 5340 t (later gateway may not advise that host, nor may it use ICMP Redirect to control other gateways.)16 3973 1 720 5460 t (Suppose, though, that an intruder has penetrated a secondary gateway available to a target host, but not)16 4320 1 720 5640 t ( may suf\256ce to penetrate an ordinary host on the target's local network, and have it)15 3475( \(It)1 164(the primary one.)2 681 3 720 5760 t ( a false route to trusted host)6 1170( further that the intruder wishes to set up)8 1700( Assume)1 390(claim to be a gateway.\))4 968 4 720 5880 t 10 I f (T)4984 5880 w 10 R f ( a)1 83( Send)1 272( followed.)1 419( following sequence may then be)5 1392( The)1 228(through that compromised secondary gateway.)4 1926 6 720 6000 t (false TCP open packet to the target host, claiming to be from)11 2590 1 720 6120 t 10 I f (T)3349 6120 w 10 R f ( will respond with its own)5 1117( target)1 266(. 
The)1 252 3 3405 6120 t ( this is in transit, a false Redirect)7 1450( While)1 322( the secure primary gateway.)4 1229(open packet, routing it through)4 1319 4 720 6240 t ( This)1 258(may be sent, claiming to be from the primary gateway, and referring to the bogus connection.)15 4062 2 720 6360 t ( routing change it contains will be)6 1510(packet will appear to be a legitimate control message; hence the)10 2810 2 720 6480 t ( host makes this change to its global routing tables, rather than just to the per-)15 3373( the target)2 433(accepted. If)1 514 3 720 6600 t (connection cached route, the intruder may proceed with spoo\256ng host)9 2856 1 720 6720 t 10 I f (T)3609 6720 w 10 R f (.)3665 6720 w ( validity checks on ICMP Redirect messages; in such cases, the)10 2793(Some hosts do not perform enough)5 1527 2 720 6900 t (impact of this attack becomes similar to RIP-based attacks.)8 2425 1 720 7020 t ( of its messages, such as)5 1141( Several)1 391( targeted denial of service attacks.)5 1527(ICMP may also be used for)5 1261 4 720 7200 t 10 I f (Destination Unreachable)1 1026 1 720 7320 t 10 R f (and)1784 7320 w 10 I f (Time to Live Exceeded)3 945 1 1966 7320 t 10 R f ( the)1 159( If)1 137(, may be used to reset existing connections.)7 1825 3 2919 7320 t cleartomark showpage restore %%EndPage: 6 6 %%Page: 7 7 save mark 7 pagesetup 10 R f (- 7 -)2 182 1 2789 480 t ( the local and remote port numbers of a TCP connection, an ICMP packet aimed at that)16 3705(intruder knows)1 615 2 720 960 t (connection may be forged)3 1063 1 720 1080 t 7 R f (5)1783 1040 w 10 R f ( information is sometimes available through the)6 1958(. Such)1 291 2 1818 1080 t 10 I f (netstat)4100 1080 w 10 R f (service.)4400 1080 w ( sending a fraudulent)3 912(A more global denial of service attack can be launched by)10 2546 2 720 1260 t 10 I f (Subnet Mask Reply)2 813 1 4227 1260 t 10 R f ( not; a false one)4 676( hosts will accept any such message, whether they have sent a query or)13 2983(message. 
Some)1 661 3 720 1380 t (could effectively block all communications with the target host.)8 2614 1 720 1500 t 9 B f (Defenses)720 1680 w 10 R f ( host is careful)3 648( a)1 89( If)1 144(Most ICMP attacks are easy to defend against with just a modicum of paranoia.)13 3439 4 720 1800 t ( not)1 171(about checking that a message really does refer to a particular connection, most such attacks will)15 4149 2 720 1920 t ( this includes verifying that the ICMP packet contains a plausible sequence)11 3109( the case of TCP,)4 721(succeed. In)1 490 3 720 2040 t ( checks are less applicable to UDP, though.)7 1789( These)1 304(number in the returned-packet portion.)4 1576 3 720 2160 t ( additional attention, since such attacks can be more serious.)9 2581(A defense against Redirect attacks merits)5 1739 2 720 2340 t ( connection; the global routing table)5 1496(Probably, the best option is to restrict route changes to the speci\256ed)11 2824 2 720 2460 t (should not be modi\256ed in response to ICMP Redirect messages)9 2607 1 720 2580 t 7 R f (6)3327 2540 w 10 R f (.)3362 2580 w ( They)1 278( are even useful in today's environment.)6 1695(Finally, it is worth considering whether ICMP Redirects)7 2347 3 720 2760 t ( it is)2 243( But)1 238( than one gateway to the outside world.)7 1815(are only usable on local networks with more)7 2024 4 720 2880 t ( messages)1 435( Redirect)1 429( information.)1 555(comparatively easy to maintain complete and correct local routing)8 2901 4 720 3000 t ( to local exterior gateways, as that would allow such local)10 2420(would be most useful from the core gateways)7 1900 2 720 3120 t (gateways to have less than complete knowledge of the Internet; this use is disallowed, however.)14 3939 1 720 3240 t ( In)1 162( packet is honored only at the appropriate time.)8 2051(Subnet Mask attacks can be blocked if the Reply)8 2107 3 720 3420 t ( a message only at boot time, and only if it had issued a query; a stale)16 2948(general, a host wants to see such)6 
1372 2 720 3540 t ( is little defense against a forged)6 1400( There)1 308(reply, or an unsolicited reply, should be rejected out of hand.)10 2612 3 720 3660 t ( Subnet Mask query, as a host that has sent such a query typically has few resources)16 3560(reply to a genuine)3 760 2 720 3780 t ( the genuine response is not blocked by the intruder, though, the)11 2693( If)1 135(with which to validate the response.)5 1492 3 720 3900 t ( multiple replies; a check to ensure that all replies agree would guard against)13 3526(target will receive)2 794 2 720 4020 t (administrative errors as well.)3 1183 1 720 4140 t 9 B f ( ``AUTHENTICATION'' SERVER)2 1385(4. THE)1 318 2 720 4380 t 10 R f ( implementations use the)3 1147(As an alternative to address-based authentication, some)6 2509 2 720 4560 t 10 I f (Authentication)4451 4560 w (Server)720 4680 w 7 R f ([18])988 4640 w 10 R f ( the identity of its client may contact the client host's)10 2481( server that wishes to know)5 1265(. A)1 190 3 1104 4680 t (Authentication Server)1 895 1 720 4800 t 7 R f (7)1615 4760 w 10 R f ( This)1 253(, and ask it for information about the user owning a particular connection.)12 3137 2 1650 4800 t ( second TCP)2 557(method is inherently more secure than simple address-based authentication, as it uses a)12 3763 2 720 4920 t ( source)1 308( thus can defeat sequence number attacks and)7 1968( It)1 141(connection not under control of the attacker.)6 1903 4 720 5040 t ( are certain risks, however.)4 1106( There)1 298(routing attacks.)1 624 3 720 5160 t ( the)1 170( If)1 147( not all hosts are competent to run authentication servers.)9 2487(The \256rst, and most obvious, is that)6 1516 4 720 5340 t ( is claimed to be; the answer cannot be trusted.)9 1968(client host is not secure, it does not matter who the user)11 2352 2 720 5460 t ( RIP has been)3 585( If)1 135( message itself can be compromised by routing table attacks.)9 2523(Second, the authentication)2 1077 4 720 5580 t ( to reach some host, 
the authentication query will rely on the same)12 2781(used to alter the target's idea of how)7 1539 2 720 5700 t ( TCP sequence number attack)4 1260( if the target host is down, a variant on the)10 1844( Finally,)1 383(altered routing data.)2 833 4 720 5820 t ( the presumed authentication server, the)5 1666(may be used; after the server sends out a TCP open request to)12 2654 2 720 5940 t ( the target runs a)4 717( If)1 137(attacker can complete the open sequence and send a false reply.)10 2669 3 720 6060 t 10 I f (netstat)4282 6060 w 10 R f (server, this)1 452 1 4588 6060 t (is even easier; as noted,)4 977 1 720 6180 t 10 I f (netstat)1730 6180 w 10 R f (will often supply the necessary sequence numbers with no need to guess.)11 3000 1 2030 6180 t 8 S1 f (__________________)720 6360 w 8 R f ( fact, such programs are available today; they are used as administrative tools to reset hung TCP connections.)17 3580(5. In)1 192 2 720 6480 t ( author)1 234( The)1 181( environments where ICMP-initiated route changes are not timed out.)9 2308( has other bene\256ts as well, especially in)7 1329(6. This)1 268 5 720 6600 t ( had)1 144( These)1 245( erroneous ICMP Redirect messages.)4 1214(has seen situations where RIP instability following a gateway crash has led to)12 2591 4 846 6690 t (the effect of permanently corrupting the routing tables on other hosts.)10 2269 1 846 6780 t ( Internet Activities Board does not currently recommend the Authentication Server for implementation)12 3459(7. The)1 250 2 720 6900 t 5 R f ([19])4429 6868 w 8 R f ( the)1 133(. 
However,)1 394 2 4513 6900 t (decision was not made because of security problems)7 1709 1 846 6990 t 5 R f ([5])2555 6958 w 8 R f (.)2614 6990 w cleartomark showpage restore %%EndPage: 7 7 %%Page: 8 8 save mark 8 pagesetup 10 R f (- 8 -)2 182 1 2789 480 t ( constitutes a denial)3 821( This)1 246( server can always reply ``no''.)5 1295(A less-obvious risk is that a fake authentication)7 1958 4 720 960 t (of service attack.)2 694 1 720 1080 t 9 B f (Defenses)720 1260 w 10 R f ( a more secure means of)5 1111(A server that wishes to rely on another host's idea of a user should use)14 3209 2 720 1380 t (validation, such as the Needham-Schroeder algorithm)5 2186 1 720 1500 t 7 R f ([20][21][22])2906 1460 w 10 R f ( by itself is inadequate.)4 956(. TCP)1 275 2 3254 1500 t 9 B f ( BE DRAGONS)2 630(5. HERE)1 383 2 720 1740 t 10 R f ( wise implementor)2 766( A)1 141( nevertheless susceptible to abuse.)4 1411(Some protocols, while not inherently \257awed, are)6 2002 4 720 1920 t (would do well to take these problems into account when providing the service.)12 3239 1 720 2040 t 9 B f ( ``Finger'' Service)2 715(5.1 The)1 323 2 720 2220 t 10 R f (Many systems implement a)3 1145 1 720 2400 t 10 I f (\256nger)1906 2400 w 10 R f (service)2180 2400 w 7 R f ([23])2503 2360 w 10 R f ( users,)1 272( server will display useful information about)6 1872(. 
This)1 277 3 2619 2400 t ( such data provides useful)4 1093( Unfortunately,)1 657( their full names, phone numbers, of\256ce numbers, etc.)8 2264(such as)1 306 4 720 2520 t (grist for the mill of a password cracker.)7 1672 1 720 2640 t 7 R f ([24])2392 2600 w 10 R f ( is giving)2 403(By running such a service, a system administrator)7 2090 2 2547 2640 t (away this data.)2 612 1 720 2760 t 9 B f ( Mail)1 210(5.2 Electronic)1 568 2 720 2940 t 10 R f ( it is quite vulnerable)4 880( Nevertheless,)1 606(Electronic mail is probably the most valuable service on the Internet.)10 2834 3 720 3120 t ( normally implemented)2 989( As)1 197(to misuse.)1 434 3 720 3240 t 7 R f ([25][26])2340 3200 w 10 R f (, the mail server provides no authentication mechanisms.)7 2468 1 2572 3240 t ( does support an)3 676( 822)1 184( RFC)1 257(This leaves the door wide open to faked messages.)8 2093 4 720 3360 t 10 I f (Encrypted)3963 3360 w 10 R f (header line, but)2 634 1 4406 3360 t ( see RFC 1040)3 658( \(However,)1 503(this is not widely used.)4 1004 3 720 3480 t 7 R f ([27])2885 3440 w 10 R f (for a discussion of a proposed new encryption)7 1992 1 3048 3480 t (standard for electronic mail.\))3 1182 1 720 3600 t 10 I f ( Post Of\256ce Protocol)3 865(5.2.1 The)1 416 2 720 3780 t 10 R f (The)720 3960 w 10 I f (The Post Of\256ce Protocol)3 1033 1 914 3960 t 10 R f (\(POP\))1986 3960 w 7 R f ([28])2236 3920 w 10 R f ( remote user to retrieve mail stored on a central server)10 2305(allows a)1 344 2 2391 3960 t ( and the)2 368( is by means of a single command containing both the user name)12 2910(machine. Authentication)1 1042 3 720 4080 t ( single command mandates the use of conventional)7 2291( combining the two on a)5 1144(password. However,)1 885 3 720 4200 t ( vulnerable to wire-tappers,)3 1166( such passwords are becoming less popular; they are too)9 2459(passwords. 
And)1 695 3 720 4320 t (intentional or accidental disclosure, etc.)4 1618 1 720 4440 t ( sites are adopting ``one-time passwords'')5 1752(As an alternative, many)3 990 2 720 4620 t 7 R f (8)3462 4580 w 10 R f ( one-time passwords, the host)4 1245(. With)1 298 2 3497 4620 t ( host issues a random challenge;)5 1365( The)1 228( key.)1 209(and some device available to the user share a cryptographic)9 2518 4 720 4740 t ( the challenge is)3 733( Since)1 309( the host.)2 422(both sides encrypt this number, and the user transmits it back to)11 2856 4 720 4860 t ( since the user does)4 844( And)1 247( session, thereby defeating eavesdroppers.)4 1747(random, the reply is unique to that)6 1482 4 720 4980 t ( stored in the device \320 the password cannot be given away)11 2645(not know the key \320 it is irretrievably)7 1675 2 720 5100 t (without depriving the user of the ability to log in.)9 2044 1 720 5220 t (The newest version of POP)4 1193 1 720 5400 t 7 R f ([30])1913 5360 w 10 R f ( into two commands, which is)5 1330(has split the user name and password)6 1631 2 2079 5400 t ( using)1 250( it also de\256nes an optional mechanism for preauthenticated connections, typically)10 3344(useful. 
However,)1 726 3 720 5520 t ( the)1 159( the security risks of this variant are mentioned explicitly in)10 2491( Commendably,)1 683(Berkeley's mechanisms.)1 987 4 720 5640 t (document.)720 5760 w 10 I f (5.2.2 PCMAIL)1 627 1 720 5940 t 10 R f (The)720 6120 w 10 I f (PCMAIL)930 6120 w 10 R f (protocol)1346 6120 w 7 R f ([31])1679 6080 w 10 R f ( one major)2 489( In)1 172(uses authentication mechanisms similar to those in POP2.)7 2528 3 1851 6120 t ( request requires)2 695( This)1 254( a password-change command.)3 1284( supports)1 383( it)1 133(respect, PCMAIL is more dangerous:)4 1571 6 720 6240 t (that both the old and new passwords be transmitted unencrypted.)9 2663 1 720 6360 t 8 S1 f (__________________)720 6807 w 8 R f ( passwords were apparently \256rst used for military IFF \(Identi\256cation Friend or Foe\) systems)13 3010(8. One-time)1 426 2 720 6927 t 5 R f ([29])4156 6895 w 8 R f (.)4240 6927 w cleartomark showpage restore %%EndPage: 8 8 %%Page: 9 9 save mark 9 pagesetup 10 R f (- 9 -)2 182 1 2789 480 t 9 B f ( Domain Name System)3 895(5.3 The)1 323 2 720 960 t 10 R f (The)720 1140 w 10 I f (Domain Name System)2 920 1 919 1140 t 10 R f (\(DNS\))1883 1140 w 7 R f ([32][33])2149 1100 w 10 R f ( mapping host names to IP)5 1164(provides for a distributed database)4 1451 2 2425 1140 t ( who interferes with the proper operation of the DNS can mount a variety of)14 3346( intruder)1 364(addresses. An)1 610 3 720 1260 t ( are a number of vulnerabilities.)5 1315( There)1 298(attacks, including denial of service and password collection.)7 2460 3 720 1380 t ( it is possible to mount a sequence number attack against a particular)12 2902(In some resolver implementations,)3 1418 2 720 1560 t ( generate a domain)3 789( the target user attempts to connect to a remote machine, an attacker can)13 3032(user. 
When)1 499 3 720 1680 t ( requires knowing both the UDP port used by the client's)10 2491( This)1 257( to the target's query.)4 935(server response)1 637 4 720 1800 t ( quite easy to obtain,)4 914( latter is often)3 618( The)1 235(resolver and the DNS sequence number used for the query.)9 2553 4 720 1920 t ( former may be)3 696( the)1 174( And)1 257(though, since some resolvers always start their sequence numbers with 0.)10 3193 4 720 2040 t (obtainable via)1 571 1 720 2160 t 10 I f (netstat)1324 2160 w 10 R f (or some analogous host command.)4 1417 1 1624 2160 t ( intruder)1 351( The)1 223( attack on the domain system and the routing mechanisms can be catastrophic.)12 3246(A combined)1 500 4 720 2340 t ( a)1 97(can intercept virtually all requests to translate names to IP addresses, and supply the address of)15 4223 2 720 2460 t ( instead; this would allow the intruder to spy on all traf\256c, and build a nice collection)16 3560(subverted machine)1 760 2 720 2580 t (of passwords if desired.)3 972 1 720 2700 t ( a suf\256ciently determined attacker might \256nd it)7 2019(For this reason, domain servers are high-value targets;)7 2301 2 720 2880 t ( or even)2 377(useful to take over a server by other means, including subverting the machine one is on,)15 3943 2 720 3000 t ( is no network defense against the former,)7 1856( There)1 316( the Internet.)2 559(physically interfering with its link to)5 1589 4 720 3120 t ( the latter issue may be)5 983(which suggests that domain servers should only run on highly secure machines;)11 3337 2 720 3240 t (addressed by using authentication techniques on domain server responses.)8 3023 1 720 3360 t ( normal mode of)3 693( The)1 223( functioning correctly, can be used for some types of spying.)10 2518(The DNS, even when)3 886 4 720 3540 t ( a)1 94( However,)1 473( speci\256c responses.)2 818(operation of the DNS is to make speci\256c queries, and receive)10 2702 4 720 3660 t 10 I f (zone)4857 3660 w (transfer)720 3780 w 10 R f ( 
section of the database; by)5 1224(\(AXFR\) request exists that can be used to download an entire)10 2727 2 1089 3780 t ( a database)2 505( Such)1 292(applying this recursively, a complete map of the name space can be produced.)12 3523 3 720 3900 t ( an intruder knows that a particular brand of host or)10 2197(represents a potential security risk; if, for example,)7 2123 2 720 4020 t ( consulted to \256nd all such targets.)6 1449(operating system has a particular vulnerability, that database can be)9 2871 2 720 4140 t ( and type of machines in a particular)7 1637(Other uses for such a database include espionage; the number)9 2683 2 720 4260 t ( about the size of the organization, and hence the)9 2041(organization, for example, can give away valuable data)7 2279 2 720 4380 t (resources committed to a particular project.)5 1775 1 720 4500 t ( system includes an error code for ``refused''; an administrative prohibition)10 3306(Fortunately, the domain)2 1014 2 720 4680 t ( code should)2 531( This)1 249( as a legitimate reason for refusal.)6 1427(against such zone transfers is explicitly recognized)6 2113 4 720 4800 t (be employed for zone transfer requests from any host not known to be a legitimate secondary server.)16 4320 1 720 4920 t ( authentication mechanism provided in the AXFR request; source address)9 3204(Unfortunately, there is no)3 1116 2 720 5040 t (authentication is the best that can be done.)7 1748 1 720 5160 t ( Hesiod)1 332( The)1 237( at M.I.T.)2 428(Recently, a compatible authentication extension to the DNS has been devised)10 3323 4 720 5340 t (name server)1 534 1 720 5460 t 7 R f ([34])1254 5420 w 10 R f (uses Kerberos)1 612 1 1445 5460 t 7 R f ([35])2057 5420 w 10 R f ( The)1 263(tickets to authenticate queries and responses.)5 2041 2 2248 5460 t 10 I f (additional)4628 5460 w (information)720 5580 w 10 R f ( the query carries an encrypted ticket, which includes a session key; this key,)13 3381(section of)1 416 2 1243 5580 t ( query)1 261(known 
only to Hesiod and the client, is used to compute a cryptographic checksum of the both the)17 4059 2 720 5700 t ( checksums are also sent in the additional information \256eld.)9 2453( These)1 304(and the response.)2 706 3 720 5820 t 9 B f ( File Transfer Protocol)3 900(5.4 The)1 323 2 720 6000 t 10 R f (The)720 6180 w 10 I f (File Transfer Protocol)2 926 1 910 6180 t 10 R f (\(FTP\))1871 6180 w 7 R f ([36])2110 6140 w 10 R f ( a few aspects of the implementation)6 1530( However,)1 458(itself is not \257awed.)3 791 3 2261 6180 t (merit some care.)2 678 1 720 6300 t 10 I f ( Authentication)1 622(5.4.1 FTP)1 444 2 720 6480 t 10 R f ( noted, simple passwords are)4 1239( As)1 191(FTP relies on a login and password combination for authentication.)9 2890 3 720 6660 t ( in the)2 278( Nothing)1 400( sites are adopting one-time passwords.)5 1640(increasingly seen as inadequate; more and more)6 2002 4 720 6780 t ( is vital, however, that the ``331'')6 1564( It)1 156(FTP speci\256cation precludes such an authentication method.)6 2600 3 720 6900 t ( a)1 83(response to)1 467 2 720 7020 t 10 I f (USER)1309 7020 w 10 R f (subcommand be displayed to the user; this message would presumably contain the)11 3448 1 1592 7020 t ( this response could not be used in this mode; if such)11 2234( FTP implementation that concealed)4 1489(challenge. 
An)1 597 3 720 7140 t ( become\) common, it may be necessary to use a new reply code to indicate that)15 3340(implementations are \(or)2 980 2 720 7260 t cleartomark showpage restore %%EndPage: 9 9 %%Page: 10 10 save mark 10 pagesetup 10 R f (- 10 -)2 232 1 2764 480 t (the user must see the content of the challenge.)8 1902 1 720 960 t 10 I f ( FTP)1 211(5.4.2 Anonymous)1 732 2 720 1140 t 10 R f ( speci\256cation, anonymous)2 1063( not required by the FTP)5 1030( While)1 312(A second problem area is ``anonymous FTP''.)6 1915 4 720 1320 t ( it should be implemented with)5 1287( Nevertheless,)1 607( the Internet.)2 525(FTP is a treasured part of the oral tradition of)9 1901 4 720 1440 t (care.)720 1560 w ( implementations of FTP require)4 1345( Some)1 296( the problem is the implementation technique chosen.)7 2207(One part of)2 472 4 720 1740 t ( care must be taken to ensure that these \256les are not)11 2252(creation of a partial replica of the directory tree;)8 2068 2 720 1860 t ( sensitive information, such as encrypted)5 1871( should they contain any)4 1165( Nor)1 260(subject to compromise.)2 1024 4 720 1980 t (passwords.)720 2100 w ( there is no record of who has requested)8 1662(The second problem is that anonymous FTP is truly anonymous;)9 2658 2 720 2280 t ( techniques for)2 639( servers will provide that data; they also provide useful)9 2410( Mail-based)1 531(what information.)1 740 4 720 2400 t (load-limiting)720 2520 w 7 R f (9)1243 2480 w 10 R f (, background transfers, etc.)3 1104 1 1278 2520 t 9 B f ( Network Management Protocol)3 1255(5.5 Simple)1 438 2 720 2700 t 10 R f (The)720 2880 w 10 I f ( Management Protocol)2 977(Simple Network)1 663 2 927 2880 t 10 R f (\(SNMP\))2620 2880 w 7 R f ([37])2959 2840 w 10 R f (has recently been de\256ned to aid in network)7 1912 1 3128 2880 t ( RFC states this, but)4 886( The)1 232( access to such a resource must be heavily protected.)9 2271(management. 
Clearly,)1 931 4 720 3000 t ( a ``read-only'' mode is dangerous;)5 1460( Even)1 273( null authentication service; this is a bad idea.)8 1903(also allows for a)3 684 4 720 3120 t (it may expose the target host to)6 1405 1 720 3240 t 10 I f (netstat)2176 3240 w 10 R f (-type attacks if the particular Management Information Base)7 2589 1 2451 3240 t (\(MIB\))720 3360 w 7 R f ([38])975 3320 w 10 R f ( version does not; however, the)5 1363( current standardized)2 880( \(The)1 268(used includes sequence numbers.)3 1391 4 1138 3360 t (MIB is explicitly declared to be extensible.\))6 1804 1 720 3480 t 9 B f ( Booting)1 330(5.6 Remote)1 468 2 720 3660 t 10 R f (Two sets of protocols are used today to boot diskless workstations and gateways,)12 3694 1 720 3840 t 10 I f (Reverse ARP)1 562 1 4478 3840 t 10 R f (\(RARP\))720 3960 w 7 R f ([39])1048 3920 w 10 R f (with the)1 348 1 1211 3960 t 10 I f (Trivial File Transfer Protocol)3 1273 1 1607 3960 t 10 R f (\(TFTP\))2928 3960 w 7 R f ([40])3228 3920 w 10 R f (and BOOTP)1 520 1 3392 3960 t 7 R f ([41])3912 3920 w 10 R f ( system)1 326( A)1 153(with TFTP.)1 485 3 4076 3960 t (being booted is a tempting target; if one can subvert the boot process, a new kernel with altered)17 4320 1 720 4080 t ( booting is riskier because it relies on Ethernet-)8 1990( RARP-based)1 592(protection mechanisms can be substituted.)4 1738 3 720 4200 t ( modest improvement in)3 1020( can achieve a)3 609( One)1 240(like networks, with all the vulnerabilities adhering thereto.)7 2451 4 720 4320 t ( otherwise,)1 448(security by ensuring that the booting machine uses a random number for its UDP source port;)15 3872 2 720 4440 t (an attacker can impersonate the server and send false DATA packets.)10 2846 1 720 4560 t ( by including a 4-byte random)5 1257(BOOTP adds an additional layer of security)6 1807 2 720 4740 t 10 I f (transaction id)1 569 1 3819 4740 t 10 R f ( prevents)1 373(. 
This)1 271 2 4396 4740 t ( is vital that these)4 764( It)1 135( to a workstation known to be rebooting.)7 1733(an attacker from generating false replies)5 1688 4 720 4860 t ( is freshly powered up, and hence with)7 1632(numbers indeed be random; this can be dif\256cult in a system that)11 2688 2 720 4980 t ( should be taken when booting through gateways; the more)9 2676( Care)1 282(little or no unpredictable state.)4 1362 3 720 5100 t (networks traversed, the greater the opportunity for impersonation.)7 2687 1 720 5220 t ( has only a single chance; a system)7 1563(The greatest measure of protection is that normally, the attacker)9 2757 2 720 5400 t ( and the)2 374( however, communications between the client)5 1980( If,)1 179(being booted does not stay in that state.)7 1787 4 720 5520 t (standard server may be interrupted, larger-scale attacks may be mounted.)9 2989 1 720 5640 t 9 B f ( ATTACKS)1 465(6. TRIVIAL)1 513 2 720 5880 t 10 R f ( completeness demands that they at least be)7 1809(A few attacks are almost too trivial to mention; nevertheless,)9 2511 2 720 6060 t (noted.)720 6180 w 8 S1 f (__________________)720 6717 w 8 R f ( this)1 144( If)1 107( technical report.)2 553( a host was temporarily rendered unusable by massive numbers of FTP requests for a popular)15 3087(9. Recently,)1 429 5 720 6837 t (were deliberate, it would be considered a successful denial of service attack.)11 2489 1 846 6927 t cleartomark showpage restore %%EndPage: 10 10 %%Page: 11 11 save mark 11 pagesetup 10 R f (- 11 -)2 232 1 2764 480 t 9 B f ( of the Local Network)4 865(6.1 Vulnerability)1 688 2 720 960 t 10 R f ( extremely vulnerable to eavesdropping and)5 1799(Some local-area networks, notably the Ethernet networks, are)7 2521 2 720 1140 t ( unwise)1 321( is also)2 306( It)1 133( such networks are used, physical access must be strictly controlled.)10 2852(host-spoo\256ng. 
If)1 708 5 720 1260 t ( any machine on the network is accessible to untrusted personnel,)10 2745(to trust any hosts on such networks if)7 1575 2 720 1380 t (unless authentication servers are used.)4 1559 1 720 1500 t (If the local network uses the Address Resolution Protocol \(ARP\))9 2706 1 720 1680 t 7 R f ([42])3426 1640 w 10 R f ( forms of host-spoo\256ng)3 978(more subtle)1 482 2 3580 1680 t ( packets, rather than just)4 1025( particular, it becomes trivial to intercept, modify, and forward)9 2627( In)1 155(are possible.)1 513 4 720 1800 t (taking over the host's role or simply spying on all traf\256c.)10 2359 1 720 1920 t (It is possible to launch denial of service attacks by triggering)10 2560 1 720 2100 t 10 I f (broadcast storms)1 705 1 3318 2100 t 10 R f ( are a variety of)4 681(. There)1 328 2 4031 2100 t ( The)1 225( as gateways.)2 553(ways to do this; it is quite easy if most or all of the hosts on the network are acting)19 3542 3 720 2220 t ( host, upon receiving it, will)5 1175( Each)1 266(attacker can broadcast a packet destined for a non-existent IP address.)10 2879 3 720 2340 t ( alone will represent a signi\256cant amount of traf\256c,)8 2140( This)1 248(attempt to forward it to the proper destination.)7 1932 3 720 2460 t ( attacker can follow up by)5 1134( The)1 232( broadcast ARP query for the destination.)6 1770(as each host will generate a)5 1184 4 720 2580 t ( is the proper way to reach that)7 1324(broadcasting an ARP reply claiming that the broadcast Ethernet address)9 2996 2 720 2700 t ( suspectible host will then not only resend the bogus packet, it will also receive many)15 3588(destination. 
Each)1 732 2 720 2820 t (more copies of it from the other suspectible hosts on the network.)11 2707 1 720 2940 t 9 B f ( Trivial File Transfer Protocol)4 1195(6.2 The)1 323 2 720 3120 t 10 R f (TFTP)720 3300 w 7 R f ([40])954 3260 w 10 R f ( any publicly-readable \256le in)4 1196( Thus,)1 295(permits \256le transfers without any attempt at authentication.)7 2443 3 1106 3300 t ( is the responsibility of the implementor and/or the system)9 2708( It)1 161(the entire universe is accessible.)4 1451 3 720 3420 t (administrator to make that universe as small as possible.)8 2315 1 720 3540 t 9 B f ( Ports)1 235(6.3 Reserved)1 528 2 720 3720 t 10 R f ( is, port numbers lower)4 976( That)1 254( the notion of a ``privileged port''.)6 1456(Berkeley-derived TCPs and UDPs have)4 1634 4 720 3900 t ( restriction is used as part of the)7 1511( This)1 270( may only be allocated to privileged processes.)7 2107(than 1024)1 432 4 720 4020 t ( neither the TCP nor the UDP speci\256cations contain any such)10 2743( However,)1 477(authentication mechanism.)1 1100 3 720 4140 t ( should never)2 558( Administrators)1 668( computer.)1 437(concept, nor is such a concept even meaningful on a single-user)10 2657 4 720 4260 t (rely on the Berkeley authentication schemes when talking to such machines.)10 3128 1 720 4380 t 9 B f ( DEFENSES)1 495(7. 
COMPREHENSIVE)1 933 2 720 4620 t 10 R f ( techniques are)2 646( Several)1 381( against a variety of individual attacks.)6 1689(Thus far, we have described defenses)5 1604 4 720 4800 t ( they may be employed to guard against not only these attacks, but many others)14 3289(broad-spectrum defenses;)1 1031 2 720 4920 t (as well.)1 313 1 720 5040 t 9 B f (7.1 Authentication)1 748 1 720 5220 t 10 R f ( because the target host uses the IP source address)9 2115(Many of the intrusions described above succeed only)7 2205 2 720 5400 t ( there are suf\256ciently many ways to)6 1563( Unfortunately,)1 666( assumes it to be genuine.)5 1142(for authentication, and)2 949 4 720 5520 t ( another way, source address)4 1313( Put)1 233( such techniques are all but worthless.)6 1763(spoof this address that)3 1011 4 720 5640 t ( of a \256le cabinet secured with an S100 lock; it may reduce the temptation)14 3044(authentication is the equivalent)3 1276 2 720 5760 t ( little or nothing to deter anyone even slightly)8 2051(level for more-or-less honest passers-by, but will do)7 2269 2 720 5880 t (serious about gaining entry.)3 1134 1 720 6000 t ( Perhaps)1 391( are several possible approaches.)4 1372( There)1 307( of cryptographic authentication is needed.)5 1787(Some form)1 463 5 720 6180 t (the best-known is the Needham-Schroeder algorithm)5 2180 1 720 6300 t 7 R f ([20][21][22])2900 6260 w 10 R f ( a key with)3 480( relies on each host sharing)5 1154(. 
It)1 158 3 3248 6300 t ( server; a host wishing to establish a connection obtains a session key from the)14 3603(an authentication)1 717 2 720 6420 t ( the conclusion of the)4 956( At)1 183(authentication server and passes a sealed version along to the destination.)10 3181 3 720 6540 t ( of the algorithm exist for both)6 1365( Versions)1 436( is convinced of the identity of the other.)8 1807(dialog, each side)2 712 4 720 6660 t (private-key and public-key)2 1091 1 720 6780 t 7 R f ([43])1811 6740 w 10 R f (cryptosystems.)1960 6780 w ( preauthenticated)1 700( them,)1 265( with)1 251( answer is obvious:)3 814( One)1 239(How do these schemes \256t together with TCP/IP?)7 2051 6 720 6960 t ( second answer is that the)5 1073( A)1 141(connections can be implemented safely; without them, they are quite risky.)10 3106 3 720 7080 t ( as it already incorporates the necessary name)7 1972(DNS provides an ideal base for authentication systems,)7 2348 2 720 7200 t ( be sure, key distribution responses must be authenticated and/or)9 2967( To)1 212(structure, redundancy, etc.)2 1141 3 720 7320 t cleartomark showpage restore %%EndPage: 11 11 %%Page: 12 12 save mark 12 pagesetup 10 R f (- 12 -)2 232 1 2764 480 t (encrypted; as noted, the former seems to be necessary in any event.)11 2773 1 720 960 t ( environments, care must be taken to use the session key to encrypt the entire conversation; if)16 3986(In some)1 334 2 720 1140 t (this is not done, an attacker can take over a connection via the mechanisms described earlier.)15 3825 1 720 1260 t 9 B f (7.2 Encryption)1 608 1 720 1440 t 10 R f ( encryption devices are)3 973( But)1 220( outlined above.)2 675(Suitable encryption can defend against most of the attacks)8 2452 4 720 1620 t ( are different)2 562( There)1 314( to administer, and uncommon in the civilian sector.)8 2274(expensive, often slow, hard)3 1170 4 720 1740 t ( comprehensive treatment of)3 1247( A)1 166( and weaknesses.)2 756(ways to apply encryption; each has its 
strengths)7 2151 4 720 1860 t ( Kent)1 233(encryption is beyond the scope of this paper; interested readers should consult Voydock and)13 3849 2 720 1980 t 7 R f ([44])4802 1940 w 10 R f (or)4957 1980 w (Davies and Price)2 692 1 720 2100 t 7 R f ([45])1412 2060 w 10 R f (.)1528 2100 w ( \320 is an excellent method)5 1091(Link-level encryption \320 encrypting each packet as it leaves the host computer)11 3229 2 720 2280 t ( also works well against physical intrusions; an attacker)8 2305( It)1 129(of guarding against disclosure of information.)5 1886 3 720 2400 t ( inject spurious packets.)3 1071(who tapped in to an Ethernet cable, for example, would not be able to)13 3249 2 720 2520 t ( The)1 237( would not be able to impersonate it.)7 1628(Similarly, an intruder who cut the line to a name server)10 2455 3 720 2640 t ( key determines the security of the network; typically, a key)10 2693(number of entities that share a given)6 1627 2 720 2760 t (distribution center will allocate keys to each pair of communicating hosts.)10 3035 1 720 2880 t ( packets are dif\256cult to secure; in the)7 1591( Broadcast)1 474(Link-level encryption has some weaknesses, however.)5 2255 3 720 3060 t ( the ability)2 444(absence of fast public-key cryptosystems, the ability to decode an encrypted broadcast implies)12 3876 2 720 3180 t ( link-level encryption, by)3 1037( Furthermore,)1 591(to send such a broadcast, impersonating any host on the network.)10 2692 3 720 3300 t (de\256nition, is not end-to-end; security of a conversation across gateways implies trust in the gateways and)15 4320 1 720 3420 t ( may be)2 386( latter constraint)2 717( \(This)1 303(assurance that the full concatenated internet is similarly protected.)8 2914 4 720 3540 t ( such constraints are not met, tactics such)7 1723( If)1 134( done in the military sector.\))5 1182(enforced administratively, as is)3 1281 4 720 3660 t ( gateways can be deployed at the)6 1391( Paranoid)1 426(as source-routing attacks or 
RIP-spoo\256ng may be employed.)7 2503 3 720 3780 t ( incoming RIP packets or source-routed)5 1689(entrance to security domains; these might, for example, block)8 2631 2 720 3900 t (packets.)720 4020 w ( Defense Data Network)3 1004( All)1 208( of the DARPA Internet employ forms of link encryption.)9 2501(Many portions)1 607 4 720 4200 t ( classi\256ed lines use more)4 1047(\(DDN\) IMP-to-IMP trunks use DES encryption, even for non-classi\256ed traf\256c;)9 3273 2 720 4320 t (secure cryptosystems)1 881 1 720 4440 t 7 R f ([46])1601 4400 w 10 R f ( easy to)2 367( however, are point-to-point lines, which are comparatively)7 2580(. These,)1 376 3 1717 4440 t (protect.)720 4560 w ( link encryption device for TCP/IP is the)7 1708(A multi-point)1 559 2 720 4740 t 10 I f (Blacker Front End)2 773 1 3024 4740 t 10 R f (\(BFE\))3834 4740 w 7 R f ([47])4084 4700 w 10 R f ( BFE looks to)3 590(. The)1 250 2 4200 4740 t ( it)1 104( When)1 319(the host like an X.25 DDN interface, and sits between the host and the actual DDN line.)16 3897 3 720 4860 t ( a new destination, it contacts an Access Control Center \(ACC\))10 2657(receives a call request packet specifying)5 1663 2 720 4980 t ( the local host is denied)5 991( If)1 134( \(KDC\) for cryptographic keys.)4 1295(for permission, and a Key Distribution Center)6 1900 4 720 5100 t ( ``Emergency)1 555( special)1 311( A)1 139(permission to talk to the remote host, an appropriate diagnostic code is returned.)12 3315 4 720 5220 t ( restricted set of destinations at times when the link to the)11 2455(Mode'' is available for communications to a)6 1865 2 720 5340 t (KDC or ACC is not working.)5 1218 1 720 5460 t ( if)1 97( Even)1 274( earlier.)1 315(The permission-checking can, to some extent, protect against the DNS attacks described)11 3634 4 720 5640 t ( the BFE will ensure that)5 1037(a host has been mislead about the proper IP address for a particular destination,)13 3283 2 720 5760 t ( is, assume that a host wishes to send)8 1608( 
That)1 257(a totally unauthorized host does not receive sensitive data.)8 2455 3 720 5880 t (Top Secret data to some host)5 1227 1 720 6000 t 10 I f (foo)1986 6000 w 10 R f ( DNS attack might mislead the host into connecting to penetrated)10 2749(. A)1 169 2 2122 6000 t ( material, or is not allowed)5 1191( 4.0.0.4 is not cleared for Top Secret)7 1619( If)1 147(host 4.0.0.4, rather than 1.0.0.1.)4 1363 4 720 6120 t ( denial of service)3 741( be sure, a)3 464( To)1 189(communications with the local host, the connection attempt will fail.)9 2926 4 720 6240 t (attack has taken place; this, in the military world, is far less serious than information loss.)15 3700 1 720 6360 t ( to an encrypted \(``Black''\) address, using a)7 1903(The BFE also translates the original \(``Red''\) IP address)8 2417 2 720 6540 t ( is done to foil traf\256c analysis techniques, the bane of all)11 2445( This)1 253( ACC.)1 273(translation table supplied by the)4 1349 4 720 6660 t (multi-point link encryption schemes.)3 1496 1 720 6780 t ( of the)2 285(End-to-end encryption, above the TCP level, may be used to secure any conversation, regardless)13 4035 2 720 6960 t ( centralized network)2 878( is probably appropriate for)4 1224( This)1 269(number of hops or the quality of the links.)8 1949 4 720 7080 t ( and management is a)4 1009( distribution)1 522( Key)1 259(management applications, or other point-to-point transfers.)5 2530 4 720 7200 t ( since encryption)2 716( Furthermore,)1 599( correspondents involved.)2 1063(greater problem, since there are more pairs of)7 1942 4 720 7320 t cleartomark showpage restore %%EndPage: 12 12 %%Page: 13 13 save mark 13 pagesetup 10 R f (- 13 -)2 232 1 2764 480 t ( initiation or after termination of the TCP processing, host-level software)10 3036(and decryption are done before)4 1284 2 720 960 t (must arrange for the translation; this implies extra overhead for each such conversation)12 3572 1 720 1080 t 7 R f (10)4292 1040 w 10 R f (.)4362 1080 w ( denial 
of service attacks, since fraudulently-injected packets can)8 2718(End-to-end encryption is vulnerable to)4 1602 2 720 1260 t ( combination of end-to-end encryption)4 1610( A)1 147( tests and make it to the application.)7 1557(pass the TCP checksum)3 1006 4 720 1380 t ( alternative would be to)4 1003( intriguing)1 434( An)1 194(and link-level encryption can be employed to guard against this.)9 2689 4 720 1500 t ( TCP checksum would be calculated)5 1496(encrypt the data portion of the TCP segment, but not the header; the)12 2824 2 720 1620 t ( a change would be)4 882( such)1 235( Unfortunately,)1 670(on the cleartext, and hence would detect spurious packets.)8 2533 4 720 1740 t (incompatible with other implementations of TCP, and could not be done transparently at application)13 4320 1 720 1860 t (level.)720 1980 w (Regardless of the method used, a major bene\256t of encrypted communications is the implied)13 4320 1 720 2160 t ( assumes that the key distribution center is secure, and the key)11 2793( one)1 198( If)1 153(authentication they provide.)2 1176 4 720 2280 t ( with it a strong assurance)5 1145(distribution protocols are adequate, the very ability to communicate carries)9 3175 2 720 2400 t (that one can trust the source host's IP address for identi\256cation.)10 2618 1 720 2520 t ( routing attack can)3 794( A)1 148( especially important in high-threat situations.)5 1928(This implied authentication can be)4 1450 4 720 2700 t ( the)1 167(be used to ``take over'' an existing connection; the intruder can effectively cut the connection at)15 4153 2 720 2820 t ( while translate sequence)3 1093(subverted machine, send dangerous commands to the far end, and all the)11 3227 2 720 2940 t (numbers on packets passed through so as to disguise the intrusion.)10 2731 1 720 3060 t ( that is the)3 465( Often)1 302( any of these encryption schemes provide privacy.)7 2120(It should be noted, of course, that)6 1433 4 720 3240 t (primary goal of such systems.)4 1228 1 720 3360 
t 9 B f ( Systems)1 340(7.3 Trusted)1 478 2 720 3540 t 10 R f ( suite, it is worth asking to what extent the Orange)10 2132(Given that TCP/IP is a Defense Department protocol)7 2188 2 720 3720 t (Book)720 3840 w 7 R f ([48])937 3800 w 10 R f (and Red Book)2 626 1 1105 3840 t 7 R f ([49])1731 3800 w 10 R f ( is,)1 145( That)1 269( above.)1 316(criteria would protect a host from the attacks described)8 2411 4 1899 3840 t ( these attacks succeed?)3 967( Could)1 320( higher.)1 322(suppose that a target host \(and the gateways!\) were rated B1 or)11 2711 4 720 3960 t ( general,)1 365( In)1 163( a complex one, and depends on the assumptions we are willing to make.)13 3196(The answer is)2 596 4 720 4080 t ( rated at B2 or higher are immune to the attacks described here, while C2-level systems)15 3623(hosts and routers)2 697 2 720 4200 t ( systems are vulnerable to some of these attacks, but not all.)11 2482( B1-level)1 410(are susceptible.)1 623 3 720 4320 t ( is used in secure environments, a brief tutorial on the military)11 2783(In order to understand how TCP/IP)5 1537 2 720 4500 t ( All)1 198(security model is necessary.)3 1156 2 720 4620 t 10 I f (objects)2111 4620 w 10 R f ( channels, and)2 590(in the computer system, such as \256les or network)8 2019 2 2431 4620 t (all data exported from them, must have a)7 1783 1 720 4740 t 10 I f (label)2550 4740 w 10 R f (indicating the sensitivity of the information in them.)7 2243 1 2797 4740 t ( Secret, and Top Secret\) and non-)6 1572(This label includes hierarchical components \(i.e., Con\256dential,)6 2748 2 720 4860 t (hierarchical components.)1 1039 1 720 4980 t 10 I f (Subjects)1853 4980 w 10 R f ( computer system \320 are similarly)5 1542(\320 i.e., processes within the)4 1251 2 2247 4980 t ( subject may)2 535(labeled. 
A)1 458 2 720 5100 t 10 I f (read)1753 5100 w 10 R f ( equal hierarchical level and if all of)7 1541(an object if its label has a higher or)8 1523 2 1976 5100 t ( other words, the process)4 1039( In)1 152( label.)1 255(the object's non-hierarchical components are included in the subject's)8 2874 4 720 5220 t ( a subject may write to an object)7 1386( Similarly,)1 469( \256le.)1 191(must have suf\256cient clearance for the information in a)8 2274 4 720 5340 t ( object has a)3 565(if the)1 230 2 720 5460 t 10 I f (higher)1563 5460 w 10 R f (or equal level and the object's non-hierarchical components include all of)10 3168 1 1872 5460 t ( is, the sensitivity level of the \256le must be at least as high as that of)16 2914( That)1 257(those in the subject's level.)4 1149 3 720 5580 t ( a \256le that is)4 549( it were not, a program with a high clearance could write classi\256ed data to)14 3148( If)1 138(the process.)1 485 4 720 5700 t (readable by a process with a low security clearance.)8 2132 1 720 5820 t ( access to any \256le, its security label must exactly match that of)12 2662(A corollary to this is that for read/write)7 1658 2 720 6000 t ( communication \(i.e., a TCP)4 1222( same applies to any form of bidirectional interprocess)8 2366( The)1 237(the process.)1 495 4 720 6120 t (virtual circuit\): both ends must have identical labels.)7 2154 1 720 6240 t ( a process creates a TCP)5 1037( When)1 309( TCP/IP protocol suite.)3 962(We can now see how to apply this model to the)10 2012 4 720 6420 t ( label is encoded in the IP security option.)8 1767( This)1 247( is given the process's label.)5 1181(connection, that connection)2 1125 4 720 6540 t ( must ensure that the label on received packets matches that of the receiving process.)14 3622(The remote TCP)2 698 2 720 6660 t 8 S1 f (__________________)720 6840 w 8 R f (10. 
We are assuming that TCP is handled by the host, and not by a front-end processor.)16 2876 1 720 6960 t cleartomark showpage restore %%EndPage: 13 13 %%Page: 14 14 save mark 14 pagesetup 10 R f (- 14 -)2 232 1 2764 480 t ( the connection is)3 825(Servers awaiting connections may be eligible to run at multiple levels; when)11 3495 2 720 960 t (instantiated, however, the process must be forced to the level of the connection request packet.)14 3890 1 720 1080 t (IP also makes use of the security option)7 1786 1 720 1260 t 7 R f ([50])2506 1220 w 10 R f ( packet may not be sent over a link with a lower)11 2235(. A)1 183 2 2622 1260 t ( it may carry Unclassi\256ed or Con\256dential traf\256c, but)8 2191( a link is rated for Secret traf\256c,)7 1360( If)1 137(clearance level.)1 632 4 720 1380 t ( security)1 357( The)1 229( the security option constrains routing decisions.)6 2031( Thus,)1 299( Top Secret data.)3 724(it may not carry)3 680 6 720 1500 t ( the)1 155(level of a link depends on its inherent characteristics, the strength of any encryption algorithms used,)15 4165 2 720 1620 t ( example, an)2 557( For)1 222( location of the facility.)4 1035(security levels of the hosts on that network, and even the)10 2506 4 720 1740 t ( located in a submarine is much more secure than if the same cable were running through)16 3735(Ethernet cable)1 585 2 720 1860 t (a dormitory room in a university.)5 1367 1 720 1980 t ( penetration at the)3 745( TCP-level attacks can only achieve)5 1473( First,)1 275(Several points follow from these constraints.)5 1827 4 720 2160 t ( is, an attacker at the Unclassi\256ed level could only achieve Unclassi\256ed)11 3153( That)1 269(level of the attacker.)3 898 3 720 2280 t ( attack was used)3 696(privileges on the target system, regardless of which network)8 2516 2 720 2400 t 7 R f (11)3932 2360 w 10 R f ( packets with)2 557(. 
Incoming)1 481 2 4002 2400 t (an invalid security marking would be rejected by the gateways.)9 2595 1 720 2520 t ( Orange)1 341( The)1 236(Attacks based on any form of source-address authentication should be rejected as well.)12 3743 3 720 2700 t ( provide secure means of identi\256cation and authentication; as we have shown,)11 3210(Book requires that systems)3 1110 2 720 2820 t ( of the B1 level, authentication information must)7 2054( As)1 184( address is not adequate.)4 1033(simple reliance on the IP)4 1049 4 720 2940 t (be protected by cryptographic checksums when transmitted from machine to machine)10 3501 1 720 3060 t 7 R f (12)4221 3020 w 10 R f (.)4291 3060 w (The)720 3240 w 10 I f (authentication)911 3240 w 10 R f ( especially)1 436(server is still problematic; it can be spoofed by a sequence number attack,)12 3079 2 1525 3240 t (if)720 3360 w 10 I f (netstat)840 3360 w 10 R f ( of attack could easily be combined with source routing for full)11 2884( sort)1 209( This)1 270(is available.)1 511 4 1166 3360 t ( cryptographic checksums would add signi\256cant strength.)6 2348( Again,)1 335(interactive access.)1 733 3 720 3480 t ( from routing attacks; RIP-spoo\256ng could corrupt their)7 2323(B1-level systems are not automatically immune)5 1997 2 720 3660 t ( seen, that would allow an intruder to capture passwords, perhaps even)11 2973( As)1 183(routing tables just as easily.)4 1164 3 720 3780 t ( be sure, the initial penetration is still restricted by the security)11 2635( To)1 182(some used on other trusted systems.)5 1503 3 720 3900 t (labelling, but that may not block future logins captured by these means.)11 2949 1 720 4020 t ( if the route to a secure destination is)8 1534( Speci\256cally,)1 563(Routing attacks can also be used for denial of service.)9 2223 3 720 4200 t ( change)1 318( This)1 247( require use of an insecure link, the two hosts will not be able to communicate.)15 3308(changed to)1 447 4 720 4320 t ( detected rather quickly, though, since 
the gateway that noticed the misrouted packet)12 3545(would probably be)2 775 2 720 4440 t (would \257ag it as a security problem.)6 1455 1 720 4560 t ( requirements)1 568( Similar)1 375( is required.)2 518(At the B2 level, secure transmission of routing control information)9 2859 4 720 4740 t (apply to other network control information, such as ICMP packets.)9 2744 1 720 4860 t (Several attacks we have described rely on data derived from ``information servers'', such as)13 3834 1 720 5040 t 10 I f (netstat)4591 5040 w 10 R f (and)4896 5040 w 10 I f (\256nger)720 5160 w 10 R f ( these, if carefully done, may not represent a direct penetration threat in the civilian sense,)15 3742(. While)1 337 2 961 5160 t (they are often seen to represent a)6 1384 1 720 5280 t 10 I f (covert channel)1 602 1 2141 5280 t 10 R f ( many B-)2 398( Thus,)1 296( used to leak information.)4 1076(that may be)2 490 4 2780 5280 t (division systems do not implement such servers.)6 1984 1 720 5400 t ( technical features we have described may not apply in the military)11 2917(In a practical sense, some of the)6 1403 2 720 5580 t ( rules)1 235(world. Administrative)1 932 2 720 5700 t 7 R f ([51])1887 5660 w 10 R f ( interconnections; uncleared personnel are)4 1752(tend to prohibit risky sorts of)5 1244 2 2044 5700 t ( rules are, most)3 676( Such)1 281(not likely to have even indirect access to systems containing Top Secret data.)12 3363 3 720 5820 t (likely, an accurate commentary on anyone's ability to validate any computer system of non-trivial size.)14 4233 1 720 5940 t 9 B f (8. CONCLUSIONS)1 788 1 720 6180 t 10 R f ( in general, relying)3 805( \256rst, surely, is that)4 831( The)1 229(Several points are immediately obvious from this analysis.)7 2455 4 720 6360 t ( is extremely dangerous)3 1089(on the IP source address for authentication)6 1972 2 720 6480 t 7 R f (13)3781 6440 w 10 R f ( the Internet)2 574(. Fortunately,)1 615 2 3851 6480 t 8 S1 f (__________________)720 6660 w 8 R f (11. 
We are assuming, of course, that the penetrated system does not have bugs of its own that would allow further access.)21 3994 1 720 6780 t ( certain)1 245( Under)1 255( be protected to an equal extent with data sensitivity labels.)10 1979( precisely, user identi\256cation information must)5 1543(12. More)1 298 5 720 6900 t ( general, though, they are required.)5 1142( In)1 118(circumstances, described in the Red Book, cryptographic checks may be omitted.)10 2647 3 846 6990 t ( all of its components \(hosts, gateways, cables, etc.\) are)9 1916( the entire network, and)4 825( If)1 116( are some exceptions to this rule.)6 1152(13. There)1 311 5 720 7110 t (physically protected, and if all of the operating systems are suf\256ciently secure, there would seem to be little risk.)18 3685 1 846 7200 t cleartomark showpage restore %%EndPage: 14 14 %%Page: 15 15 save mark 15 pagesetup 10 R f (- 15 -)2 232 1 2764 480 t ( Berkeley manuals)2 779( The)1 231( intellectual level.)2 749(community is starting to accept this on more than an)9 2249 4 720 960 t 7 R f ([3])4728 920 w 10 R f (have)4852 960 w ( very weak, but it is only recently that serious attempts)10 2274(always stated that the authentication protocol was)6 2046 2 720 1080 t (\(i.e., Kerberos)1 579 1 720 1200 t 7 R f ([35])1299 1160 w 10 R f (and SunOS 4.0's DES authentication mode)5 1772 1 1449 1200 t 7 R f ([52])3221 1160 w 10 R f ( been made to correct the problem.)6 1448(\) have)1 255 2 3337 1200 t ( More)1 294( have their weaknesses, but both are far better than their predecessor.)11 2970(Kerberos and SunOS 4.0)3 1056 3 720 1320 t ( the)1 181(recently, an extension to)3 1075 2 720 1440 t 10 I f (Network Time Protocol)2 1007 1 2035 1440 t 10 R f (\(NTP\))3101 1440 w 7 R f ([53])3356 1400 w 10 R f (has been proposed that includes a)5 1509 1 3531 1440 t (cryptographic checksum)1 986 1 720 1560 t 7 R f ([54])1706 1520 w 10 R f (.)1822 1560 w ( a protocol depends on sequence)5 1434( If)1 152( number attacks.)2 713(A 
second broad class of problems is sequence)7 2021 4 720 1740 t ( is worth considerable effort)4 1169( It)1 130( most do \320 it is vital that they be chosen unpredictably.)11 2359(numbers \320 and)2 662 4 720 1860 t (to ensure that these numbers are not knowable even to other users on the same system.)15 3575 1 720 1980 t ( A)1 141(We may generalize this by by stating that hosts should not give away knowledge gratuitously.)14 3909 2 720 2160 t 10 I f (\256nger)4807 2160 w 10 R f ( user, rather than)3 694(server, for example, would be much safer if it only supplied information about a known)14 3626 2 720 2280 t ( then, some censorship might be appropriate; a)7 1983( Even)1 280( on.)1 167(supplying information about everyone logged)4 1890 4 720 2400 t ( supply the last login date and other sensitive information would be appropriate if the account)15 3932(refusal to)1 388 2 720 2520 t ( Infrequently-used)1 789( accounts often have simple default passwords.)6 2009( \(Never-used)1 572(was not used recently.)3 950 4 720 2640 t ( have also seen how)4 850( We)1 210(accounts are often set up less carefully by the owner.\))9 2270 3 720 2760 t 10 I f (netstat)4088 2760 w 10 R f (may be abused;)2 647 1 4393 2760 t (indeed, the combination of)3 1110 1 720 2880 t 10 I f (netstat)1868 2880 w 10 R f (with the)1 338 1 2173 2880 t 10 I f (authentication)2549 2880 w 10 R f (server is the single strongest attack using the)7 1875 1 3165 2880 t (standardized Internet protocols.)2 1277 1 720 3000 t ( are not)2 317( routes)1 277( Static)1 294(Finally, network control mechanisms are dangerous, and must be carefully guarded.)10 3432 4 720 3180 t ( use of default routes and veri\256able point-to-point routing)8 2367(feasible in a large-scale network, but intelligent)6 1953 2 720 3300 t (protocols \(i.e., EGP\) are far less vulnerable than broadcast-based routing.)9 3001 1 720 3420 t 9 B f (9. 
ACKNOWLEDGEMENTS)1 1188 1 720 3660 t 10 R f ( Deborah Estrin made a number of useful)7 1831(Dave Presotto, Bob Gilligan, Gene Tsudik, and especially)7 2489 2 720 3840 t (suggestions and corrections to a draft of this paper.)8 2102 1 720 3960 t 10 I f (REFERENCES)2574 4560 w 10 R f ( Feinler, O.J. Jacobsen, M.K. Stahl, C.A. Ward, eds.)8 2185(1. E.J.)1 258 2 770 4800 t 10 I f (DDN Protocol Handbook)2 1051 1 3283 4800 t 10 R f ( Network)1 387(. DDN)1 311 2 4342 4800 t (Information Center, SRI International, 1985.)4 1816 1 878 4920 t ( D.)1 141(2. Comer,)1 405 2 770 5100 t 10 I f ( Principles, Protocols, and Architecture)4 1679(Internetworking with TCP/IP :)3 1288 2 1393 5100 t 10 R f ( Hall,)1 242(. Prentice)1 430 2 4368 5100 t (1988)878 5220 w ( Systems Research Group.)3 1090(3. Computer)1 508 2 770 5400 t 10 I f (U)2438 5400 w 8 I f (NIX)2510 5400 w 10 I f ( Berkeley Software)2 776( 4.3)1 195(User's Reference Manual \(URM\).)3 1393 3 2676 5400 t (Distribution Virtual Vax-11 Version.)3 1635 1 878 5520 t 10 R f ( Division, Department of Electrical)4 1626(Computer Science)1 789 2 2625 5520 t ( 1986.)1 291(Engineering and Computer Science, University of California, Berkeley.)7 2918 2 878 5640 t ( E.H.)1 223(4. Spafford,)1 482 2 770 5820 t 10 I f (The Internet Worm Program: An Analysis)5 1754 1 1548 5820 t 10 R f ( Technical Report CSD-TR-823,)3 1349(. Purdue)1 381 2 3310 5820 t ( 1988)1 266(Department of Computer Sciences Purdue University, West Lafayette, IN.)8 3033 2 878 5940 t (5. Seeley, D.)2 529 1 770 6120 t 10 I f (A Tour of the Worm)4 832 1 1365 6120 t 10 R f ( 1988.)1 291( of Computer Science, University of Utah.)6 1740(. Department)1 562 3 2205 6120 t ( M. and Rochlis, J.)4 833(6. Eichin,)1 394 2 770 6300 t 10 I f ( Analysis of the Internet Virus of)6 1426( An)1 189(With Microscope and Tweezers:)3 1350 3 2075 6300 t (November 1988.)1 668 1 878 6420 t 10 R f (Massachussetts Institute of Technology, 1988.)4 1886 1 1612 6420 t ( 1985.)1 320( R.T.)1 240(7. 
Morris,)1 405 3 770 6600 t 10 I f (A Weakness in the 4.2BSD U)5 1344 1 1830 6600 t 8 I f (NIX)3174 6600 w 10 I f (TCP/IP Software)1 724 1 3365 6600 t 10 R f ( Science)1 372(. Computing)1 571 2 4097 6600 t (Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey.)10 3227 1 878 6720 t (8. Reynolds, J.K., and J. Postel.)5 1307 1 770 6900 t 10 I f (Assigned Numbers)1 755 1 2143 6900 t 10 R f ( 990, 1986)2 441(. RFC)1 281 2 2906 6900 t (9. Mills, D.L.)2 561 1 770 7080 t 10 I f (Internet Delay Experiments)2 1119 1 1397 7080 t 10 R f (, RFC 889, 1983.)3 714 1 2524 7080 t cleartomark showpage restore %%EndPage: 15 15 %%Page: 16 16 save mark 16 pagesetup 10 R f (- 16 -)2 232 1 2764 480 t ( Strong Sequences of Pseudo-Random)4 1568( to Generate Cryptographically)3 1263( ``How)1 326(10. Blum, M. and Micali, S.)5 1163 4 720 960 t (Bits''.)878 1080 w 10 I f (SIAM J. Computing)2 807 1 1197 1080 t 10 R f (, vol. 13, no. 4, pp. 850-864, Nov. 1984.)8 1672 1 2012 1080 t ( Publication \(FIPS PUB\) 46,)4 1339( Federal Information Processing Standards)4 1903(11. US)1 286 3 720 1260 t 10 I f (Data Encryption)1 718 1 4322 1260 t (Standard)878 1380 w 10 R f (, 15 January 1977.)3 759 1 1253 1380 t ( Federal Information Processing Standards Publication \(FIPS PUB\) 81.)8 3246(12. US)1 286 2 720 1560 t 10 I f (DES Modes of)2 679 1 4361 1560 t (Operation)878 1680 w 10 R f (, 2 December 1980.)3 808 1 1297 1680 t ( M.)1 151(13. Bishop,)1 467 2 720 1860 t 10 I f ( of a Fast Data Encryption Standard Implementation)7 2210(An Application)1 615 2 1408 1860 t 10 R f ( Report)1 310(. Technical)1 489 2 4241 1860 t ( Science, Dartmouth College, Hanover,)4 1660(PCS-TR88-138, Department of Mathematics and Computer)5 2502 2 878 1980 t (NH. 1988.)1 460 1 878 2100 t ( Flexible Datagram Access Controls for U)6 2052( and)1 229( ``Simple)1 468( J.)1 149(14. 
Mogul,)1 450 5 720 2280 t 8 R f (NIX)4068 2280 w 10 R f (-based Gateways'',)1 830 1 4210 2280 t 10 I f (Proceedings, Summer USENIX)2 1261 1 878 2400 t 10 R f (, 1989, Baltimore, Maryland \(to appear\).)5 1662 1 2147 2400 t (15. Hedrick, C.)2 629 1 720 2580 t 10 I f (Routing Information Protocol)2 1211 1 1415 2580 t 10 R f ( 1058, 1988.)2 516(. RFC)1 281 2 2634 2580 t (16. Mills, D.L.)2 611 1 720 2760 t 10 I f (Exterior Gateway Protocol Formal Speci\256cation)4 1986 1 1397 2760 t 10 R f ( 904, 1984.)2 466(. RFC)1 281 2 3391 2760 t (17. Postel, J.)2 525 1 720 2940 t 10 I f (Internet Control Message Protocol)3 1426 1 1311 2940 t 10 R f ( 792, 1981.)2 466(. RFC)1 281 2 2745 2940 t (18. St. Johns, M.)3 700 1 720 3120 t 10 I f (Authentication Server)1 882 1 1486 3120 t 10 R f ( 931, 1985.)2 466(. RFC)1 281 2 2376 3120 t ( Internet Activities Board.)3 1148( Advanced Research Projects Agency,)4 1670(19. Defense)1 484 3 720 3300 t 10 I f (IAB Of\256cial Protocol)2 925 1 4115 3300 t (Standards.)878 3420 w 10 R f (RFC 1083, 1988)2 681 1 1375 3420 t ( 1989.)1 291( communication.)1 680( Private)1 349(19. Postel, J.)2 525 4 720 3600 t ( Encryption for Authentication in Large Networks of)7 2222( ``Using)1 379( R.M. and Schroeder, M.D.)4 1154(20. Needham,)1 565 4 720 3780 t (Computers''.)878 3900 w 10 I f (Communications of the ACM)3 1188 1 1474 3900 t 10 R f (, vol. 21, no. 12, pp. 993-999, December 1978.)8 1934 1 2670 3900 t ( in Key Distribution Protocols'',)4 1361( ``Timestamps)1 629( D.E. and Sacco, G.M.)4 965(21. Denning,)1 527 4 720 4080 t 10 I f (Communications of)1 797 1 4243 4080 t (the ACM)1 366 1 878 4200 t 10 R f (, vol. 24, no. 8, pp. 533-536, August 1981.)8 1764 1 1252 4200 t ( Revisited'',)1 509( ``Authentication)1 733( R.M. and Schroeder, M.D.)4 1150(22. Needham,)1 565 4 720 4380 t 10 I f ( Review)1 329(Operating Systems)1 767 2 3717 4380 t 10 R f (, vol.)1 219 1 4821 4380 t (21, no. 1, p. 7, January 1987.)6 1208 1 878 4500 t (23. 
Harrenstien, K.)2 778 1 720 4680 t 10 I f (NAME/FINGER Protocol)1 1038 1 1564 4680 t 10 R f (, RFC 742, 1977.)3 714 1 2610 4680 t ( ``U)1 230( Morris, R.H.)2 604( F.T. and)2 427(24. Grampp,)1 510 4 720 4860 t 8 R f (NIX)2491 4860 w 10 R f (Operating System Security'',)2 1236 1 2692 4860 t 10 I f (AT&T Bell Laboratories)2 1053 1 3987 4860 t (Technical Journal)1 738 1 878 4980 t 10 R f (, vol. 63, no. 8, part 2, October, 1984.)8 1568 1 1624 4980 t (25. Crocker, D.)2 634 1 720 5160 t 10 I f (Standard for the Format of ARPA-Internet Text Messages)7 2368 1 1420 5160 t 10 R f ( 822, 1982.)2 466(. RFC)1 281 2 3796 5160 t (26. Postel, J.)2 525 1 720 5340 t 10 I f (Simple Mail Transfer Protocol)3 1255 1 1311 5340 t 10 R f ( 821, 1982.)2 466(. RFC)1 281 2 2574 5340 t ( J.)1 116(27. Linn,)1 372 2 720 5520 t 10 I f (Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and)10 3747 1 1293 5520 t (Authentication Procedures)1 1082 1 878 5640 t 10 R f ( 1040, 1988.)2 516(. RFC)1 281 2 1968 5640 t ( D.; Goldberger, J.; Reynolds, J.K.)5 1440( M.; Postel, J.B.; Chase,)4 1005(28. Butler,)1 433 3 720 5820 t 10 I f (Post Of\256ce Protocol - Version 2)5 1340 1 3667 5820 t 10 R f (.)5015 5820 w (RFC 937, 1985.)2 656 1 878 5940 t ( First Ten Years of Public Key Cryptography''.)7 2030( ``The)1 298( W.)1 163(29. Dif\256e,)1 416 4 720 6120 t 10 I f (Proc. IEEE)1 479 1 3704 6120 t 10 R f ( pp.)1 170(, vol. 76, no. 5,)4 679 2 4191 6120 t (560-577, May 1988.)2 832 1 878 6240 t (30. Rose, M.)2 530 1 720 6420 t 10 I f (Post Of\256ce Protocol - Version 3)5 1325 1 1316 6420 t 10 R f ( 1081, 1988)2 491(. RFC)1 281 2 2649 6420 t (31. Lambert, M.L.)2 754 1 720 6600 t 10 I f (PCMAIL: A Distributed Mail System for Personal Computers)7 2525 1 1540 6600 t 10 R f ( 1056, 1988)2 491(. RFC)1 281 2 4073 6600 t (32. Mockapetris, P.)2 796 1 720 6780 t 10 I f (Domain Names - Concepts and Facilities)5 1692 1 1582 6780 t 10 R f ( 1034, 1987.)2 516(. RFC)1 281 2 3282 6780 t (33. 
Mockapetris, P.)2 796 1 720 6960 t 10 I f (Domain Names - Implementations and Speci\256cations)5 2163 1 1582 6960 t 10 R f ( 1035, 1987.)2 516(. RFC)1 281 2 3753 6960 t cleartomark showpage restore %%EndPage: 16 16 %%Page: 17 17 save mark 17 pagesetup 10 R f (- 17 -)2 232 1 2764 480 t ( ``Hesiod'',)1 506(34. Dyer, S.P.)2 577 2 720 960 t 10 I f (Proceedings, Winter USENIX)2 1206 1 1836 960 t 10 R f (, 1988, Dallas, Texas.)3 892 1 3050 960 t ( for Open Network)3 825( An Authentication Service)3 1156( ``Kerberos:)1 539( J.G, Neuman, C., Schiller, J.I.)5 1334(35. Steiner,)1 466 5 720 1140 t (Systems'',)878 1260 w 10 I f (Proceedings, Winter USENIX)2 1206 1 1336 1260 t 10 R f (, 1988, Dallas, Texas.)3 892 1 2550 1260 t (36. Postel, J.)2 525 1 720 1440 t 10 I f (File Transfer Protocol)2 922 1 1311 1440 t 10 R f ( 959, 1985.)2 466(. RFC)1 281 2 2241 1440 t ( Fedor, M., Schoffstall, J., and Davin, J.)7 1722( J.,)1 131(37. Case,)1 377 3 720 1620 t 10 I f (A Simple Network Management Protocol)4 1715 1 3026 1620 t 10 R f (. RFC)1 291 1 4749 1620 t (1067, 1988.)1 483 1 878 1740 t ( Rose, M.)2 415( K. and)2 315(38. McCloghrie,)1 666 3 720 1920 t 10 I f (Management Information Base for Network Management of TCP/IP-)7 2853 1 2187 1920 t (based Internets)1 621 1 878 2040 t 10 R f ( 1988.)1 291( 1066.)1 258(. RFC)1 281 3 1507 2040 t ( Mogul, J.; Theimer, M.)4 1017( R.; Mann, T.;)3 612(39. Finlayson,)1 578 3 720 2220 t 10 I f (Reverse Address Resolution Protocol)3 1532 1 2999 2220 t 10 R f ( 903,)1 214(. RFC)1 287 2 4539 2220 t (1984.)878 2340 w (40. Sollins, K.R.)2 684 1 720 2520 t 10 I f (The TFTP Protocol \(Revision 2\))4 1326 1 1470 2520 t 10 R f ( 783, 1981.)2 466(. RFC)1 281 2 2804 2520 t (41. Croft, W.J.; Gilmore, J.)4 1126 1 720 2700 t 10 I f (Bootstrap Protocol)1 778 1 1912 2700 t 10 R f ( 951, 1985.)2 466(. RFC)1 281 2 2698 2700 t (42. Plummer, D.C.)2 772 1 720 2880 t 10 I f (An Ethernet Address Resolution Protocol)4 1687 1 1558 2880 t 10 R f ( 826, 1982.)2 466(. 
RFC)1 281 2 3253 2880 t ( Directions in Cryptography.'')3 1350( ``New)1 357( M.E.)1 270( W. and Hellman,)3 845(43. Dif\256e,)1 416 5 720 3060 t 10 I f (IEEE Transactions on)2 979 1 4061 3060 t (Information Theory)1 794 1 878 3180 t 10 R f (, vol. IT-22, no. 6, pp. 644-654.)6 1311 1 1680 3180 t ( Mechanisms in High-Level Network Protocols''.)5 2096( ``Security)1 479( V.L. and Kent, S.T.)4 905(44. Voydock,)1 549 4 720 3360 t 10 I f (ACM)4829 3360 w (Computer Surveys)1 743 1 878 3480 t 10 R f (, vol. 15, no. 2, pp. 135-171, June 1983.)8 1658 1 1629 3480 t ( D.W. and Price, W.L.)4 935(45. Davies,)1 460 2 720 3660 t 10 I f ( Networks: An Introduction to Data Security in)7 1943(Security for Computer)2 914 2 2183 3660 t (Teleprocessing and Electronic Funds Transfer.)4 1923 1 878 3780 t 10 R f (Wiley. 1984.)1 560 1 2867 3780 t (46. Defense Communications Agency.)3 1569 1 720 3960 t 10 I f (Defense Data Network Subscriber Security Guide)5 2029 1 2355 3960 t 10 R f (. 1983.)1 316 1 4392 3960 t ( in)1 129( Front End Interface Control Document'',)5 1794(47. ``Blacker)1 534 3 720 4140 t 10 I f (DDN Protocol Handbook)2 1079 1 3228 4140 t 10 R f ( Network)1 400(. DDN)1 325 2 4315 4140 t (Information Center, SRI International, vol. 1, 1985.)6 2110 1 878 4260 t ( Computer Security Center.)3 1159(48. DoD)1 352 2 720 4440 t 10 I f ( Evaluation Criteria)2 850(DoD Trusted Computer System)3 1312 2 2309 4440 t 10 R f (, 1983, CSC-)2 561 1 4479 4440 t (STD-001-83.)878 4560 w ( Center.)1 325(49. National Computer Security)3 1301 2 720 4740 t 10 I f (Trusted Network Interpretation of the Trusted Computer System)7 2627 1 2413 4740 t (Evaluation Criteria)1 795 1 878 4860 t 10 R f ( Version 1, July 31, 1987.)5 1073(. NCSC-TG-005,)1 727 2 1681 4860 t (50. St. Johns, M.)3 700 1 720 5040 t 10 I f (Draft Revised IP Security Option)4 1358 1 1486 5040 t 10 R f ( 1038, 1988.)2 516(. RFC)1 281 2 2852 5040 t ( Computer Security Center.)3 1150(51. 
DoD)1 352 2 720 5220 t 10 I f ( Behind CSC-STD-003-85: Computer Security)4 1918(Technical Rationale)1 825 2 2297 5220 t (Requirements)878 5340 w 10 R f (, CSC-STD-004-83, 1983.)2 1069 1 1435 5340 t ( Sun Environment''.)2 843( Networking in the)3 785( ``Secure)1 406( B. and Goldberg, D.)4 879(52. Taylor,)1 449 5 720 5520 t 10 I f (Proceedings, Summer)1 888 1 4152 5520 t (USENIX)878 5640 w 10 R f (, 1986, Atlanta, Georgia.)3 1014 1 1230 5640 t ( D.L.)1 239(53. Mills,)1 395 2 720 5820 t 10 I f ( Implementation)1 684(Network Time Protocol \(Version 1\) Speci\256cation and)6 2318 2 1443 5820 t 10 R f ( 1059,)1 282(. RFC)1 305 2 4453 5820 t (1988.)878 5940 w ( list message)2 527( Mailing)1 383(54. Mills, D.L.)2 611 3 720 6120 t 10 S1 f (<)2274 6120 w 10 R f (8901192354.aa03743)2330 6120 w 10 S1 f (@)3193 6120 w 10 R f (Huey.UDEL.EDU)3285 6120 w 10 S1 f (>)4022 6120 w 10 R f (, January 19, 1989.)3 784 1 4078 6120 t cleartomark showpage restore %%EndPage: 17 17 %%Trailer done %%Pages: 17