Presentation is loading. Please wait.

Presentation is loading. Please wait.

Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA.

Published byNelson Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA."— Presentation transcript:

1 Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA

2 Overview This document describes how to defend transport protocols against blind attacks through ephemeral port obfuscation It provides an overview of the characteristics of a good ephemeral port selection algorithm It describes a number of approaches for obfuscating ephemeral port numbers It includes a survey of what popular implementations are doing with respect to ephemeral port selection

3 Document history This document was born in 2004 to address the problem of blind attacks against transport protocols. It was adopted in 2007 as a wg item of the TSVWG. It has been pretty stable during the last few revisions We have received very thorough feedback from Mark Allman on the last revision (-02) There has been some discussion on-list that will lead to a number of changes

4 Changes to be incorporated in the next revision The document title will be changed  “Port randomization” -> “Defending against blind attacks through ephemeral port obfuscation” The comparision of the different algorithms will be backed-up by the results of ongoing work by Mark Allman. Some text will be included pointing out that collisions might be avoided by maintaining the TIME-WAIT state also on the client-side. RFC 1337 and [Faber et al, 1999] (“The TIME-WAIT state and its effect…”) will be referenced for a discussion of the TIME-WAIT issues. A small comment will be included about the TCP SEQ numbers and the TCP timestamps heuristics performed by a number of implementations when processing incoming connection requests A number of clarifications will be incorporated Overall, all this feedback will require small changes to the document

5 Moving the document forward Our plan is to publish a revision (-03) of this document in the next few weeks that incorporates the aforementioned changes We think that a WGLC should be started when that version is published

6 Any comments or questions?

Download ppt "Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA."

Similar presentations

73rd IETF meeting, November 16-21, 2008

73rd IETF meeting, November 16-21, 2008
71 th IETF – Philadelphia, USA March 2008 PCECP Requirements and Protocol Extensions in Support of Global Concurrent Optimization Young Lee (Huawei) J-L.

71 th IETF – Philadelphia, USA March 2008 PCECP Requirements and Protocol Extensions in Support of Global Concurrent Optimization Young Lee (Huawei) J-L.
1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.

1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.
Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.

Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.
Security Assessment of the Internet Protocol version 4 (IPv4) draft-ietf-opsec-ip-security Fernando Gont project carried out on behalf of UK CPNI 76th.

Security Assessment of the Internet Protocol version 4 (IPv4) draft-ietf-opsec-ip-security Fernando Gont project carried out on behalf of UK CPNI 76th.
On the implementation of TCP urgent data (draft-gont-tcpm-urgent-data) Fernando Gont & A. Yourtchenko 73rd IETF meeting, November 16-21, 2008 Minneapolis,

On the implementation of TCP urgent data (draft-gont-tcpm-urgent-data) Fernando Gont & A. Yourtchenko 73rd IETF meeting, November 16-21, 2008 Minneapolis,
Information Sciences Institute Recommendations for Transport Port Uses draft-ietf-tsvwg-port-use-05 IETF 91 - Honolulu Joe Touch, USC/ISI As presented.

Information Sciences Institute Recommendations for Transport Port Uses draft-ietf-tsvwg-port-use-05 IETF 91 - Honolulu Joe Touch, USC/ISI As presented.
Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.

Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.
TSVWG #1 IETF-92 (Dallas) 24 th March 2015 Gorry Fairhurst David Black WG chairs.

TSVWG #1 IETF-92 (Dallas) 24 th March 2015 Gorry Fairhurst David Black WG chairs.
Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, 2010. Beijing, China.

Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, Beijing, China.
Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.

Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.
Ongoing work at the IETF on TCP and IP security Fernando Gont project carried out on behalf of UK CPNI HACK.LU 09 Conference October 28-30, 2009. Luxembourg.

Ongoing work at the IETF on TCP and IP security Fernando Gont project carried out on behalf of UK CPNI HACK.LU 09 Conference October 28-30, Luxembourg.
ICMP attacks against TCP draft-ietf-tcpm-icmp-attacks-01.txt Fernando Gont (UTN/FRH) 67 th IETF Meeting, San Diego, California, USA November 5-10, 2006.

ICMP attacks against TCP draft-ietf-tcpm-icmp-attacks-01.txt Fernando Gont (UTN/FRH) 67 th IETF Meeting, San Diego, California, USA November 5-10, 2006.
Security Assessment of the Transmission Control Protocol (TCP) (draft-ietf-tcpm-tcp-security-02.txt) Fernando Gont project carried out on behalf of UK.

Security Assessment of the Transmission Control Protocol (TCP) (draft-ietf-tcpm-tcp-security-02.txt) Fernando Gont project carried out on behalf of UK.
Draft-chown-v6ops-port-scanning-implications-02 IPv6 Implications for TCP/UDP Port Scanning Tim Chown IETF 65, March 23rd 2006 Dallas,

Draft-chown-v6ops-port-scanning-implications-02 IPv6 Implications for TCP/UDP Port Scanning Tim Chown IETF 65, March 23rd 2006 Dallas,
TSVWG IETF-68 James Polk Lars Eggert Magnus Westerlund.

TSVWG IETF-68 James Polk Lars Eggert Magnus Westerlund.
Quick-Start for TCP and IP Draft-amit-quick-start-04.txt A.Jain, S. Floyd, M. Allman, and P. Sarolahti TSVWG, March 2005 Presentation last IETF: www.icir.org/floyd/talks.

Quick-Start for TCP and IP Draft-amit-quick-start-04.txt A.Jain, S. Floyd, M. Allman, and P. Sarolahti TSVWG, March 2005 Presentation last IETF:
EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao

EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao
TCP User Timeout Option Lars Eggert (NEC) Fernando Gont (UTN/FRH) IETF-64, Vancouver, Canada November 10, 2005.

TCP User Timeout Option Lars Eggert (NEC) Fernando Gont (UTN/FRH) IETF-64, Vancouver, Canada November 10, 2005.
Device Reset Characterization draft-ietf-bmwg-reset-02 Rajiv Asati Carlos Pignataro Fernando Calabria Cesar Olvera Presented by Andrew.

Device Reset Characterization draft-ietf-bmwg-reset-02 Rajiv Asati Carlos Pignataro Fernando Calabria Cesar Olvera Presented by Andrew.

Similar presentations

Ads by Google