draft-ietf-tsvwg-port-randomization-04.txt   draft-ietf-tsvwg-port-randomization-05.txt

Transport Area Working Group                                   M. Larsen
(tsvwg)                                                      TietoEnator
Internet-Draft                                                   F. Gont
Intended status: BCP                                             UTN/FRH
Expires: June 3, 2010                                  November 30, 2009

                           Port Randomization
                 draft-ietf-tsvwg-port-randomization-05
Abstract
Recently, awareness has been raised about a number of "blind" attacks
that can be performed against the Transmission Control Protocol (TCP)
and similar protocols. The consequences of these attacks range from
throughput-reduction to broken connections or data corruption. These
attacks rely on the attacker's ability to guess or know the five-
tuple (Protocol, Source Address, Destination Address, Source Port,
Destination Port) that identifies the transport protocol instance to
be attacked. This document describes a number of simple and
efficient methods for the selection of the client port number, such
that the possibility of an attacker guessing the exact value is
reduced. While this is not a replacement for cryptographic methods
for protecting the connection, the described port number obfuscation
algorithms provide improved security/obfuscation with very little
effort and without any key management overhead. The algorithms
described in this document are local policies that may be
incrementally deployed, and that do not violate the specifications of
any of the transport protocols that may benefit from them, such as
TCP, UDP, UDP-lite, SCTP, DCCP, and RTP.
Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.  Note that
other groups may also distribute working documents as Internet-
Drafts.

skipping to change at page 2, line 8

and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on June 3, 2010.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.  Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
   2.  Ephemeral Ports  . . . . . . . . . . . . . . . . . . . . . . .  7
     2.1.  Traditional Ephemeral Port Range . . . . . . . . . . . . .  7
     2.2.  Ephemeral port selection . . . . . . . . . . . . . . . . .  7
     2.3.  Collision of connection-id's . . . . . . . . . . . . . . .  8
   3.  Obfuscating the Ephemeral Ports  . . . . . . . . . . . . . . . 10
     3.1.  Characteristics of a good ephemeral port obfuscation
           algorithm  . . . . . . . . . . . . . . . . . . . . . . . . 10
     3.2.  Ephemeral port number range  . . . . . . . . . . . . . . . 11
     3.3.  Ephemeral Port Obfuscation Algorithms  . . . . . . . . . . 12
       3.3.1.  Algorithm 1: Simple port randomization algorithm . . . 12
       3.3.2.  Algorithm 2: Another simple port randomization
               algorithm  . . . . . . . . . . . . . . . . . . . . . . 14
       3.3.3.  Algorithm 3: Simple hash-based algorithm . . . . . . . 14
       3.3.4.  Algorithm 4: Double-hash obfuscation algorithm . . . . 17
       3.3.5.  Algorithm 5: Random-increments port selection
               algorithm  . . . . . . . . . . . . . . . . . . . . . . 18
     3.4.  Secret-key considerations for hash-based port
           obfuscation algorithms . . . . . . . . . . . . . . . . . . 20
     3.5.  Choosing an ephemeral port obfuscation algorithm . . . . . 21
   4.  Port obfuscation and Network Address Port Translation
       (NAPT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 24
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 25
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 27
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 27
   Appendix A.  Survey of the algorithms in use by some popular
                implementations . . . . . . . . . . . . . . . . . . . 30
     A.1.  FreeBSD  . . . . . . . . . . . . . . . . . . . . . . . . . 30
     A.2.  Linux  . . . . . . . . . . . . . . . . . . . . . . . . . . 30
     A.3.  NetBSD . . . . . . . . . . . . . . . . . . . . . . . . . . 30
     A.4.  OpenBSD  . . . . . . . . . . . . . . . . . . . . . . . . . 30
     A.5.  OpenSolaris  . . . . . . . . . . . . . . . . . . . . . . . 30
   Appendix B.  Changes from previous versions of the draft (to
                be removed by the RFC Editor before publication
                of this document as a RFC)  . . . . . . . . . . . . . 31
     B.1.  Changes from draft-ietf-tsvwg-port-randomization-04 . . . 31
     B.2.  Changes from draft-ietf-tsvwg-port-randomization-03 . . . 31
     B.3.  Changes from draft-ietf-tsvwg-port-randomization-02 . . . 31
     B.4.  Changes from draft-ietf-tsvwg-port-randomization-01 . . . 31
     B.5.  Changes from draft-ietf-tsvwg-port-randomization-00 . . . 31
     B.6.  Changes from draft-larsen-tsvwg-port-randomization-02 . . 31
     B.7.  Changes from draft-larsen-tsvwg-port-randomization-01 . . 32
     B.8.  Changes from draft-larsen-tsvwg-port-randomization-00 . . 32
     B.9.  Changes from draft-larsen-tsvwg-port-randomisation-00 . . 32
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 33
1.  Introduction

Recently, awareness has been raised about a number of "blind" attacks
(i.e., attacks that can be performed without the need to sniff the
packets that correspond to the transport protocol instance to be
attacked) that can be performed against the Transmission Control
Protocol (TCP) [RFC0793] and similar protocols.  The consequences of
these attacks range from throughput-reduction to broken connections
or data corruption [I-D.ietf-tcpm-icmp-attacks] [RFC4953] [Watson].
skipping to change at page 8, line 5

As each communication instance is identified by the five-tuple
{protocol, local IP address, local port, remote IP address, remote
port}, the selection of ephemeral port numbers must result in a
unique five-tuple.

Selection of ephemeral ports such that they result in unique five-
tuples is handled by some implementations by having a per-protocol
global 'next_ephemeral' variable that is equal to the previously
chosen ephemeral port + 1, i.e. the selection process is:

   /* Initialization at system boot time. Could be random */
   next_ephemeral = min_ephemeral;

   /* Ephemeral port selection function */
   count = max_ephemeral - min_ephemeral + 1;

   do {
       port = next_ephemeral;

       if (next_ephemeral == max_ephemeral) {
           next_ephemeral = min_ephemeral;
       } else {
           next_ephemeral++;
       }

       if (five-tuple is unique)
           return port;

       count--;
   } while (count > 0);

   return ERROR;

                                 Figure 1

This algorithm works well provided that the number of connections for
each transport protocol that have a life-time longer than it takes
to exhaust the total ephemeral port range is small, so that five-
tuple collisions are rare.

However, this method has the drawback that the 'next_ephemeral'
variable and thus the ephemeral port range is shared between all
skipping to change at page 15, line 12

(local IP address, remote IP address, remote port), so that the
port reuse frequency is the lowest possible.  Each of these
'next_ephemeral' variables should be initialized with random values
within the ephemeral port range and would thus separate the ephemeral
port ranges of the connections entirely.  Since we do not want to
maintain in memory all these 'next_ephemeral' values, we propose an
offset function F(), that can be computed from the local IP address,
remote IP address, remote port and a secret key.  F() will yield
(practically) different values for each set of arguments, i.e.:

   /* Initialization at system boot time. Could be random. */
   next_ephemeral = 0;

   /* Ephemeral port selection function */
   num_ephemeral = max_ephemeral - min_ephemeral + 1;
   offset = F(local_IP, remote_IP, remote_port, secret_key);
   count = num_ephemeral;

   do {
       port = min_ephemeral +
              (next_ephemeral + offset) % num_ephemeral;
       next_ephemeral++;

       if (five-tuple is unique)
           return port;

       count--;
   } while (count > 0);

   return ERROR;

                                 Figure 4

We will refer to this algorithm as 'Algorithm 3'.

In other words, the function F() provides a per-connection fixed
offset within the global ephemeral port range.  Both the 'offset' and
'next_ephemeral' variables may take any value within the storage type
range since we are restricting the resulting port similar to that
shown in Figure 3.  This allows us to simply increment the
skipping to change at page 19, line 5

3.3.5.  Algorithm 5: Random-increments port selection algorithm

[Allman] introduced another port obfuscation algorithm, which offers
a middle ground between the algorithms that select ephemeral ports
randomly (such as those described in Section 3.3.1 and
Section 3.3.2), and those that offer obfuscation but no randomization
(such as those described in Section 3.3.3 and Section 3.3.4).  We
will refer to this algorithm as 'Algorithm 5'.

   /* Initialization code at system boot time. */
   next_ephemeral = random() % 65536;    /* Initialization value */
   N = 500;                              /* Determines the tradeoff */

   /* Ephemeral port selection function */
   num_ephemeral = max_ephemeral - min_ephemeral + 1;
   count = num_ephemeral;

   do {
       next_ephemeral = next_ephemeral + (random() % N) + 1;
       port = min_ephemeral + (next_ephemeral % num_ephemeral);

       if (five-tuple is unique)
           return port;

       count--;
   } while (count > 0);

   return ERROR;

                                 Figure 6

This algorithm aims at producing a monotonically-increasing
sequence to prevent the collision of connection-id's, while avoiding
the use of fixed increments, which would lead to trivially-
predictable sequences.  The value "N" allows for direct control of
the tradeoff between the level of obfuscation and the port reuse
frequency.  The smaller the value of "N", the more similar this
algorithm is to the traditional BSD port selection
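The selection loops of Figure 1, Figure 4 (Algorithm 3) and Figure 6 (Algorithm 5) above, as an added runnable C example that is not part of the draft and not the code of any of the implementations it surveys. The three functions share one constructed table of in-use connections that stands in for the "five-tuple is unique" test, which lets the reader see the property each figure describes: Figure 1 hands out consecutive ports to every peer, Algorithm 3 gives each (local IP, remote IP, remote port) its own contiguous sequence at a keyed offset, and Algorithm 5 advances by a random 1..N. The 1024..65535 range, the in-use table, the mixing function behind F() (a placeholder that is not a cryptographic hash; the draft cites MD5 [RFC1321] and [RFC4086] for real hash and key choices), the constructed secret key, and rand() in place of random() are all assumptions of this example. One deliberate deviation from Figure 4 is also marked in the code: the offset and counter are reduced modulo num_ephemeral so the per-destination sequence stays contiguous when the counter wraps.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example, not the draft's code: runnable versions of Figure 1,
 * Figure 4 (Algorithm 3) and Figure 6 (Algorithm 5). The port range,
 * the in-use table, the hash F() and rand() are assumptions made here. */
#define MIN_EPHEMERAL 1024u
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1u)
#define PORT_ERROR    0u    /* 0 is never a valid ephemeral port here */
#define N_INCREMENT   500u  /* the "N" of Figure 6 */

/* With the protocol fixed (say TCP) the five-tuple reduces to four fields. */
struct conn { uint32_t local_ip, remote_ip; uint16_t local_port, remote_port; };

/* Constructed table of connections in use: backs "five-tuple is unique". */
static struct conn in_use[256];
static int n_in_use;

int five_tuple_is_unique(uint32_t lip, uint16_t lport, uint32_t rip, uint16_t rport)
{
    for (int i = 0; i < n_in_use; i++)
        if (in_use[i].local_ip == lip && in_use[i].local_port == lport &&
            in_use[i].remote_ip == rip && in_use[i].remote_port == rport)
            return 0;
    return 1;
}

/* Marks a connection as established so later selections must skip its port. */
int record_connection(uint32_t lip, uint16_t lport, uint32_t rip, uint16_t rport)
{
    if (n_in_use >= 256) return 0;
    in_use[n_in_use++] = (struct conn){ lip, rip, lport, rport };
    return 1;
}

/* Figure 1: one global counter, incremented by one, shared by all peers. */
static uint32_t seq_next = MIN_EPHEMERAL;

uint16_t select_sequential(uint32_t lip, uint32_t rip, uint16_t rport)
{
    uint32_t count = NUM_EPHEMERAL;
    do {
        uint16_t port = (uint16_t)seq_next;
        seq_next = (seq_next == MAX_EPHEMERAL) ? MIN_EPHEMERAL : seq_next + 1;
        if (five_tuple_is_unique(lip, port, rip, rport))
            return port;
        count--;
    } while (count > 0);
    return PORT_ERROR;
}

/* Figure 4 (Algorithm 3): global counter plus a keyed per-destination offset.
 * mix32() is a placeholder bijective mixer, NOT a cryptographic hash; a real
 * F() uses a keyed cryptographic hash with a key drawn per [RFC4086]. */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    return x ^ (x >> 16);
}

uint32_t F(uint32_t lip, uint32_t rip, uint16_t rport, uint32_t key)
{
    uint32_t h = mix32(key ^ lip);
    h = mix32(h ^ rip);
    return mix32(h ^ rport);
}

static uint32_t secret_key = 0x5eed1234U; /* constructed; generate at boot in practice */
static uint32_t hash_next;                /* next_ephemeral of Figure 4 */

uint16_t select_hash_offset(uint32_t lip, uint32_t rip, uint16_t rport)
{
    /* Deviation from Figure 4: offset and counter are kept below
     * NUM_EPHEMERAL so the sequence stays contiguous across wrap-around. */
    uint32_t offset = F(lip, rip, rport, secret_key) % NUM_EPHEMERAL;
    uint32_t count = NUM_EPHEMERAL;
    do {
        uint16_t port = (uint16_t)(MIN_EPHEMERAL + (hash_next + offset) % NUM_EPHEMERAL);
        hash_next = (hash_next + 1) % NUM_EPHEMERAL;
        if (five_tuple_is_unique(lip, port, rip, rport))
            return port;
        count--;
    } while (count > 0);
    return PORT_ERROR;
}

/* Figure 6 (Algorithm 5): random increments of 1..N; rand() stands in for random(). */
static uint32_t rand_next;

void alg5_init(unsigned seed)
{
    srand(seed);
    rand_next = (uint32_t)rand() % 65536u;
}

uint16_t select_random_increments(uint32_t lip, uint32_t rip, uint16_t rport)
{
    uint32_t count = NUM_EPHEMERAL;
    do {
        rand_next += ((uint32_t)rand() % N_INCREMENT) + 1u;
        uint16_t port = (uint16_t)(MIN_EPHEMERAL + rand_next % NUM_EPHEMERAL);
        if (five_tuple_is_unique(lip, port, rip, rport))
            return port;
        count--;
    } while (count > 0);
    return PORT_ERROR;
}

int main(void)
{
    uint32_t lip = 0x0a000001u, a = 0xc0a80001u, b = 0xc0a80002u; /* constructed */
    alg5_init(1);
    unsigned s1 = select_sequential(lip, a, 80);
    unsigned s2 = select_sequential(lip, b, 80);  /* same global sequence, other peer */
    unsigned h1 = select_hash_offset(lip, a, 80);
    unsigned h2 = select_hash_offset(lip, b, 80); /* different keyed offset */
    unsigned r1 = select_random_increments(lip, a, 80);
    printf("seq %u %u  hash %u %u  rand %u\n", s1, s2, h1, h2, r1);
    return 0;
}
```

Running it shows why the draft treats these as different points on one tradeoff: the Figure 1 ports for two different peers are adjacent (trivially predictable), the Algorithm 3 ports for two peers sit at unrelated offsets while repeated connections to one peer still climb by one (low reuse frequency, no randomness per peer), and Algorithm 5 climbs by an unpredictable 1..N step.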
skipping to change at page 25, line 5

ephemeral port offset (Algorithm 3 and Algorithm 4) for a given five-
tuple can be sampled and subsequently used to attack an innocent peer
reusing this address.  However, this is only possible until a re-
keying happens as described above.  Also, since ephemeral ports are
only used on the client side (i.e., the one initiating the
connection), both the attacker and the new peer need to act as
servers in the scenario just described.  While servers using dynamic
IP addresses exist, they are not very common and with an appropriate
re-keying mechanism the effect of this attack is limited.
6.  IANA Considerations

There are no IANA registries within this document.  The RFC-Editor
can remove this section before publication of this document as an
RFC.

7.  Acknowledgements

The offset function was inspired by the mechanism proposed by Steven
Bellovin in [RFC1948] for defending against TCP sequence number
attacks.

The authors would like to thank (in alphabetical order) Mark Allman,
Matthias Bethke, Stephane Bortzmeyer, Brian Carpenter, Vincent
Deffontaines, Lars Eggert, Gorry Fairhurst, Guillermo Gont, Alfred
Hoenes, Amit Klein, Carlos Pignataro, Kacheong Poon, Joe Touch, and
Dan Wing for their valuable feedback on earlier versions of this
document.

The authors would like to thank FreeBSD's Mike Silbersack for a very
fruitful discussion about ephemeral port selection techniques.

Fernando Gont would like to thank Carolina Suarez for her love and
support.
8.  References

8.1.  Normative References

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              August 1980.

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
              RFC 793, September 1981.

   [RFC1321]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              April 1992.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2385]  Heffernan, A., "Protection of BGP Sessions via the TCP MD5
              Signature Option", RFC 2385, August 1998.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC3828]  Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., and
              G. Fairhurst, "The Lightweight User Datagram Protocol
              (UDP-Lite)", RFC 3828, July 2004.

   [RFC4086]  Eastlake, D., Schiller, J., and S. Crocker, "Randomness
              Requirements for Security", BCP 106, RFC 4086, June 2005.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, December 2005.

   [RFC4340]  Kohler, E., Handley, M., and S. Floyd, "Datagram
              Congestion Control Protocol (DCCP)", RFC 4340, March 2006.

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol",
              RFC 4960, September 2007.

8.2.  Informative References

   [FreeBSD]  The FreeBSD Project, "http://www.freebsd.org".

   [IANA]     "IANA Port Numbers",
              <http://www.iana.org/assignments/port-numbers>.

   [I-D.ietf-tcpm-icmp-attacks]
              Gont, F., "ICMP attacks against TCP",
              draft-ietf-tcpm-icmp-attacks-06 (work in progress),
              August 2009.

   [RFC1337]  Braden, B., "TIME-WAIT Assassination Hazards in TCP",
              RFC 1337, May 1992.

   [RFC1948]  Bellovin, S., "Defending Against Sequence Number Attacks",
              RFC 1948, May 1996.

   [RFC2663]  Srisuresh, P. and M. Holdrege, "IP Network Address
              Translator (NAT) Terminology and Considerations",
              RFC 2663, August 1999.

   [RFC4953]  Touch, J., "Defending TCP Against Spoofing Attacks",
              RFC 4953, July 2007.

   [Allman]   Allman, M., "Comments On Selecting Ephemeral Ports", ACM
              Computer Communication Review, 39(2), 2009.

   [CPNI-TCP] Gont, F., "CPNI Technical Note 3/2009: Security Assessment
              of the Transmission Control Protocol (TCP)", UK Centre
              for the Protection of National Infrastructure, 2009.

skipping to change at page 29, line 4

   [Silbersack]
              Silbersack, M., "Improving TCP/IP security through
              randomization without sacrificing interoperability.",
              EuroBSDCon 2005 Conference.

   [Stevens]  Stevens, W., "Unix Network Programming, Volume 1:
              Networking APIs: Socket and XTI", Prentice Hall, 1998.

   [I-D.ietf-tcpm-tcp-auth-opt]
              Touch, J., Mankin, A., and R. Bonica, "The TCP
              Authentication Option", draft-ietf-tcpm-tcp-auth-opt-08
              (work in progress), October 2009.

   [Watson]   Watson, P., "Slipping in the Window: TCP Reset Attacks",
              CanSecWest 2004 Conference.
Appendix A.  Survey of the algorithms in use by some popular
             implementations

A.1.  FreeBSD

FreeBSD implements Algorithm 1, and in response to this document now

skipping to change at page 31, line 9

A.5.  OpenSolaris

OpenSolaris implements Algorithm 1, with a 'min_port' of 32768 and a
'max_port' of 65535.  [OpenSolaris]
Appendix B.  Changes from previous versions of the draft (to be removed
             by the RFC Editor before publication of this document as a
             RFC)

B.1.  Changes from draft-ietf-tsvwg-port-randomization-04

   o  Fixes nits.

B.2.  Changes from draft-ietf-tsvwg-port-randomization-03

   o  Addresses WGLC comments from Mark Allman.  See:
      http://www.ietf.org/mail-archive/web/tsvwg/current/msg09149.html

B.3.  Changes from draft-ietf-tsvwg-port-randomization-02

   o  Added clarification of what we mean by "port randomization".

   o  Addresses feedback sent on-list and off-list by Mark Allman.

   o  Added references to [Allman] and [CPNI-TCP].

B.4.  Changes from draft-ietf-tsvwg-port-randomization-01

   o  Added Section 2.3.

   o  Added discussion of "lazy binding" in Section 3.5.

   o  Added discussion of obtaining the number of outgoing connections.

   o  Miscellaneous editorial changes.

B.5.  Changes from draft-ietf-tsvwg-port-randomization-00

   o  Added Section 3.1.

   o  Changed Intended Status from "Standards Track" to "BCP".

   o  Miscellaneous editorial changes.

B.6.  Changes from draft-larsen-tsvwg-port-randomization-02

   o  Draft resubmitted as draft-ietf.

   o  Included references and text on protocols other than TCP.

   o  Added the second variant of the simple port randomization
      algorithm.

   o  Reorganized the algorithms into different sections.

   o  Miscellaneous editorial changes.

B.7.  Changes from draft-larsen-tsvwg-port-randomization-01

   o  No changes.  Draft resubmitted after expiration.

B.8.  Changes from draft-larsen-tsvwg-port-randomization-00

   o  Fixed a bug in expressions used to calculate number of ephemeral
      ports.

   o  Added a survey of the algorithms in use by popular TCP
      implementations.

   o  The whole document was reorganized.

   o  Miscellaneous editorial changes.

B.9.  Changes from draft-larsen-tsvwg-port-randomisation-00

   o  Document resubmitted after original document by M. Larsen expired
      in 2004.

   o  References were included to current WG documents of the TCPM WG.

   o  The document was made more general, to apply to all transport
      protocols.

   o  Miscellaneous editorial changes.
End of changes.  50 change blocks.
133 lines changed or deleted, 151 lines changed or added.

This html diff was produced by rfcdiff 1.37a.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/