RFC 6528 on Defending against Sequence Number Attacks



Folks,

FYI. (the RFC is available at: <http://www.rfc-editor.org/rfc/rfc6528.txt>)

A new Request for Comments is now available in online RFC libraries.


RFC 6528

Title: Defending against Sequence Number Attacks
Author: F. Gont, S. Bellovin
Status: Standards Track
Stream: IETF
Date: February 2012
Pages: 12
Characters: 26917
Obsoletes: RFC1948
Updates: RFC0793

I-D Tag: draft-ietf-tcpm-rfc1948bis-02.txt

URL: http://www.rfc-editor.org/rfc/rfc6528.txt

This document specifies an algorithm for the generation of TCP
Initial Sequence Numbers (ISNs), such that the chances of an off-path
attacker guessing the sequence numbers in use by a target connection
are reduced. This document revises (and formally obsoletes) RFC
1948, and takes the ISN generation algorithm originally proposed in
that document to Standards Track, formally updating RFC 793.
[STANDARDS-TRACK]

This document is a product of the TCP Maintenance and Minor Extensions
Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements. Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
http://www.ietf.org/mailman/listinfo/ietf-announce
http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@xxxxxxxxxxxxxxx Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.



Relevant Pages

  • Re: weird scans from port 80
    ... So nmap doesn't have an OS-detection routine for any sort of reason ... > For gods sake would you rather have had the entire RFC posted? ... > insisting on violating the standards in the holy name of the firewall. ...
    (comp.os.linux.security)
  • [Full-disclosure] RFC 6528 on Defending against Sequence Number Attacks
    ... A new Request for Comments is now available in online RFC libraries. ... Defending against Sequence Number Attacks ... STANDARDS TRACK: This document specifies an Internet standards track ... Requests for special distribution should be addressed to either the ...
    (Full-Disclosure)
  • Re: Perl DBI Module: SQL query where there is space in field name
    ... Well, there is this slight problem of standards, encoded into RFCs. ... The relevant RFC in this case would be RFC 2046. ... serious newsreader does not render ... standard for usenet. ...
    (comp.lang.perl.misc)
  • Fwd: [ntpwg] RFC 5907 on Definitions of Managed Objects for Network Time Protocol Version 4 (NTPv4)
    ... A new Request for Comments is now available in online RFC libraries. ... of such a network participant and it is part of the NTP version 4 ... This document is a product of the Network Time Protocol Working Group of ... STANDARDS TRACK: This document specifies an Internet standards track ...
    (comp.protocols.time.ntp)
  • Re: [FAQ] Ungueltige eMail-Adressen im Usenet <2005-01-17>
    ... > gegen RFC 850 und RFC 1036, in denen die Grundlagen des heutigen ... Die entscheidende Textstelle aus ... dass der Absender eines Postings ... RFC2822 ist im Standards Track: ...
    (de.soc.netzkultur.umgangsformen)