%!PS
%%Version: 3.1
%%DocumentFonts: (atend)
%%Pages: (atend)
%%EndComments
%
% Version 3.1 prologue for troff files.
%
/#copies 1 store
/aspectratio 1 def
/formsperpage 1 def
/landscape false def
/linewidth .3 def
/magnification 1 def
/margin 0 def
/orientation 0 def
/resolution 720 def
/xoffset 0 def
/yoffset 0 def
/roundpage true def
/useclippath true def
/pagebbox [0 0 612 792] def
/R  /Times-Roman def
/I  /Times-Italic def
/B  /Times-Bold def
/BI /Times-BoldItalic def
/H  /Helvetica def
/HI /Helvetica-Oblique def
/HB /Helvetica-Bold def
/HX /Helvetica-BoldOblique def
/CW /Courier def
/CO /Courier def
/CI /Courier-Oblique def
/CB /Courier-Bold def
/CX /Courier-BoldOblique def
/PA /Palatino-Roman def
/PI /Palatino-Italic def
/PB /Palatino-Bold def
/PX /Palatino-BoldItalic def
/Hr /Helvetica-Narrow def
/Hi /Helvetica-Narrow-Oblique def
/Hb /Helvetica-Narrow-Bold def
/Hx /Helvetica-Narrow-BoldOblique def
/KR /Bookman-Light def
/KI /Bookman-LightItalic def
/KB /Bookman-Demi def
/KX /Bookman-DemiItalic def
/AR /AvantGarde-Book def
/AI /AvantGarde-BookOblique def
/AB /AvantGarde-Demi def
/AX /AvantGarde-DemiOblique def
/NR /NewCenturySchlbk-Roman def
/NI /NewCenturySchlbk-Italic def
/NB /NewCenturySchlbk-Bold def
/NX /NewCenturySchlbk-BoldItalic def
/ZD /ZapfDingbats def
/ZI /ZapfChancery-MediumItalic def
/VR /Varitimes#Roman def
/VI /Varitimes#Italic def
/VB /Varitimes#Bold def
/VX /Varitimes#BoldItalic def
/S  /S def
/S1 /S1 def
/GR /Symbol def
/inch {72 mul} bind def
/min {2 copy gt {exch} if pop} bind def
/setup {
	counttomark 2 idiv {def} repeat pop
	landscape {/orientation 90 orientation add def} if
	/scaling 72 resolution div def
	linewidth setlinewidth
	1 setlinecap
	pagedimensions
	xcenter ycenter translate
	orientation neg rotate
	width 2 div neg height 2 div translate
	xoffset inch yoffset inch neg translate
	margin 2 div dup neg translate
	magnification dup aspectratio mul scale
	scaling scaling scale
	/Symbol /S Sdefs cf
	/Times-Roman /S1 S1defs cf
	0 0 moveto
} def
/pagedimensions {
	useclippath userdict /gotpagebbox known not and {
		/pagebbox [clippath pathbbox newpath] def
		roundpage currentdict /roundpagebbox known and {roundpagebbox} if
	} if
	pagebbox aload pop
	4 -1 roll exch 4 1 roll 4 copy
	landscape {4 2 roll} if
	sub /width exch def
	sub /height exch def
	add 2 div /xcenter exch def
	add 2 div /ycenter exch def
	userdict /gotpagebbox true put
} def
/pagesetup {
	/page exch def
	currentdict /pagedict known currentdict page known and {
		page load pagedict exch get cvx exec
	} if
} def
/decodingdefs [
	{counttomark 2 idiv {y moveto show} repeat}
	{neg /y exch def counttomark 2 idiv {y moveto show} repeat}
	{neg moveto {2 index stringwidth pop sub exch div 0 32 4 -1 roll widthshow} repeat}
	{neg moveto {spacewidth sub 0.0 32 4 -1 roll widthshow} repeat}
	{counttomark 2 idiv {y moveto show} repeat}
	{neg setfunnytext}
] def
/setdecoding {/t decodingdefs 3 -1 roll get bind def} bind def
/w {neg moveto show} bind def
/m {neg dup /y exch def moveto} bind def
/done {/lastpage where {pop lastpage} if} def
/f {
	dup /font exch def findfont exch
	dup /ptsize exch def scaling div dup /size exch def scalefont setfont
	linewidth ptsize mul scaling 10 mul div setlinewidth
	/spacewidth ( ) stringwidth pop def
} bind def
/sf {f} bind def
/cf {
	dup length 2 idiv
	/entries exch def
	/chtab exch def
	/newfont exch def
	findfont dup length 1 add dict
	/newdict exch def
	{1 index /FID ne {newdict 3 1 roll put} {pop pop} ifelse} forall
	newdict /Metrics entries dict put
	newdict /Metrics get
	begin
		chtab aload pop
		1 1 entries {pop def} for
		newfont newdict definefont pop
	end
} bind def
%
% A few arrays used to adjust reference points and character widths in some
% of the printer resident fonts. If square roots are too high try changing
% the lines describing /radical and /radicalex to,
%
%	/radical	[0 -75 550 0]
%	/radicalex	[-50 -75 500 0]
%
/Sdefs [
	/bracketlefttp		[220 500]
	/bracketleftbt		[220 500]
	/bracketrighttp		[-70 380]
	/bracketrightbt		[-70 380]
	/braceleftbt		[220 490]
	/bracketrightex		[220 -125 500 0]
	/radical		[0 0 550 0]
	/radicalex		[-50 0 500 0]
	/parenleftex		[-20 -170 0 0]
	/integral		[100 -50 500 0]
	/infinity		[10 -75 730 0]
] def
/S1defs [
	/underscore		[0 80 500 0]
	/endash			[7 90 650 0]
] def
%%EndProlog
%%BeginSetup
mark
/resolution 720 def
setup
2 setdecoding
%%EndSetup
%%Page: 1 1
save
mark
1 pagesetup
12 B f
(Security Problems in the TCP/IP Protocol Suite)6 2502 1 1629 840 t
11 I f
(S.M. Bellovin*)1 659 1 2550 1020 t
(smb)2408 1140 w
11 S1 f
(@)2585 1140 w
11 I f
(ulysses.att.com)2686 1140 w
10 R f
(AT&T Bell Laboratories)2 1009 1 2375 1320 t
(Murray Hill, New Jersey 07974)4 1299 1 2230 1440 t
10 I f
(ABSTRACT)2643 1680 w
10 R f
( developed)1 462(The TCP/IP protocol suite, which is very widely used today, was)10 2858 2 1220 1980 t
( that, there are a)4 707( Despite)1 380( of the Department of Defense.)5 1320(under the sponsorship)2 913 4 1220 2100 t
( in the protocols, regardless of the)6 1530(number of serious security \257aws inherent)5 1790 2 1220 2220 t
( describe a variety of attacks based on)7 1620( We)1 211( implementations.)1 732(correctness of any)2 757 4 1220 2340 t
( spoo\256ng, routing attacks, source address)5 1695(these \257aws, including sequence number)4 1625 2 1220 2460 t
( also present defenses against these)5 1550( We)1 225( authentication attacks.)2 976(spoo\256ng, and)1 569 4 1220 2580 t
( a discussion of broad-spectrum defenses such as)7 2171(attacks, and conclude with)3 1149 2 1220 2700 t
(encryption.)1220 2820 w
9 B f
(1. INTRODUCTION)1 848 1 720 3060 t
10 R f
( protocol suite)2 604(The TCP/IP)1 496 2 720 3240 t
7 R f
([1][2])1820 3200 w
10 R f
(, which is very widely used today, was developed under the sponsorship)11 3058 1 1982 3240 t
( \257aws inherent in the)4 878( that, there are a number of serious security)8 1814( Despite)1 374(of the Department of Defense.)4 1254 4 720 3360 t
( these \257aws exist because hosts rely on IP source address for authentication; the)13 3485( of)1 130(protocols. Some)1 705 3 720 3480 t
(Berkeley ``)1 465 1 720 3600 t
10 I f
(r)1185 3600 w
10 R f
(-utilities'')1224 3600 w
7 R f
([3])1624 3560 w
10 R f
( exist because network control mechanisms, and)6 2017( Others)1 339( example.)1 403(are a notable)2 537 4 1744 3600 t
(in particular routing protocols, have minimal or non-existent authentication.)8 3100 1 720 3720 t
( complete)1 420(When describing such attacks, our basic assumption is that the attacker has more or less)14 3900 2 720 3900 t
( may be due to \257aws in that machine's own)9 1851( This)1 249( Internet.)1 373(control over some machine connected to the)6 1847 4 720 4020 t
( be because that machine is a microcomputer, and inherently)9 2813(protection mechanisms, or it may)4 1507 2 720 4140 t
( the attacker may even be a rogue system administrator.)9 2295(unprotected. Indeed,)1 858 2 720 4260 t
9 B f
(1.1 Exclusions)1 583 1 720 4440 t
10 R f
( protocols, such as those used by)6 1403(We are not concerned with \257aws in particular implementations of the)10 2917 2 720 4620 t
(the Internet ``worm'')2 893 1 720 4740 t
7 R f
([4][5][6])1613 4700 w
10 R f
( As)1 192( we discuss generic problems with the protocols themselves.)8 2595(. Rather,)1 397 3 1856 4740 t
( Some)1 299( of these problems.)3 799(will be seen, careful implementation techniques can alleviate or prevent some)10 3222 3 720 4860 t
( version of the U)4 707(of the protocols we discuss are derived from Berkeley's)8 2308 2 720 4980 t
8 R f
(NIX)3735 4980 w
8 S f
(\322)3877 4930 w
10 R f
(system; others are generic)3 1066 1 3974 4980 t
(Internet protocols.)1 740 1 720 5100 t
( altered or)2 442(We are also not concerned with classic network attacks, such as physical eavesdropping, or)13 3878 2 720 5280 t
( so far as they are facilitated or possible because)9 2051( discuss such problems only in)5 1300( We)1 211(injected messages.)1 758 4 720 5400 t
(of protocol problems.)2 879 1 720 5520 t
( do discuss some)3 774( We)1 229( discussion here of vendor-speci\256c protocols.)5 1973(For the most part, there is no)6 1344 4 720 5700 t
( facto standards for many vendors, and)6 1627(problems with Berkeley's protocols, since these have become de)8 2693 2 720 5820 t
(not just for U)3 560 1 720 5940 t
8 R f
(NIX)1280 5940 w
10 R f
(systems.)1455 5940 w
9 B f
( SEQUENCE NUMBER PREDICTION)3 1560(2. TCP)1 308 2 720 6180 t
10 R f
(One of the more fascinating security holes was \256rst described by Morris)11 3200 1 720 6360 t
7 R f
([7])3920 6320 w
10 R f
( TCP)1 239( he used)2 385(. Brie\257y,)1 415 3 4001 6360 t
( ever receiving any responses)4 1246(sequence number prediction to construct a TCP packet sequence without)9 3074 2 720 6480 t
( allowed him to spoof a trusted host on a local network.)11 2308( This)1 244(from the server.)2 650 3 720 6600 t
8 S1 f
(__________________)720 6780 w
8 R f
( address: Room 3C-536B AT&T Bell Laboratories, 600 Mountain Avenue, Murray Hill, New Jersey 07974.)14 3535(* Author's)1 409 2 720 6900 t
10 B f
(Reprinted from Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.)12 3871 1 720 7462 t
cleartomark
showpage
restore
%%EndPage: 1 1
%%Page: 2 2
save
mark
2 pagesetup
10 R f
(- 2 -)2 182 1 2789 480 t
( client selects and)3 737( The)1 223( handshake.)1 481(The normal TCP connection establishment sequence involves a 3-way)8 2879 4 720 960 t
( sequence number)2 774(transmits an initial)2 801 2 720 1080 t
10 I f
(ISN)2347 1080 w
7 I f
(C)2508 1100 w
10 R f
(, the server acknowledges it and sends its own sequence)9 2477 1 2563 1080 t
(number)720 1200 w
10 I f
(ISN)1060 1200 w
7 I f
(S)1221 1220 w
10 R f
( transmission may)2 750( those three messages, data)4 1118( Following)1 480(, and the client acknowledges that.)5 1428 4 1264 1200 t
( exchange may be shown schematically as follows:)7 2094( The)1 221(take place.)1 434 3 720 1320 t
10 I f
(C)870 1500 w
10 S f
(\256)945 1500 w
10 I f
(S)1052 1500 w
10 R f
(:)1110 1500 w
10 I f
(SYN)1146 1500 w
10 R f
(\()1327 1500 w
10 I f
(ISN)1368 1500 w
7 I f
(C)1529 1520 w
10 R f
(\))1592 1500 w
10 I f
(S)870 1620 w
10 S f
(\256)928 1620 w
10 I f
(C)1035 1620 w
10 R f
(:)1110 1620 w
10 I f
(SYN)1146 1620 w
10 R f
(\()1327 1620 w
10 I f
(ISN)1368 1620 w
7 I f
(S)1529 1640 w
10 R f
(\) ,)1 74 1 1580 1620 t
10 I f
(ACK)1662 1620 w
10 R f
(\()1865 1620 w
10 I f
(ISN)1906 1620 w
7 I f
(C)2067 1640 w
10 R f
(\))2130 1620 w
10 I f
(C)870 1740 w
10 S f
(\256)945 1740 w
10 I f
(S)1052 1740 w
10 R f
(:)1110 1740 w
10 I f
(ACK)1146 1740 w
10 R f
(\()1349 1740 w
10 I f
(ISN)1390 1740 w
7 I f
(S)1551 1760 w
10 R f
(\))1602 1740 w
10 I f
(C)870 1860 w
10 S f
(\256)945 1860 w
10 I f
(S)1052 1860 w
10 R f
(:)1110 1860 w
10 I f
(data)1146 1860 w
(and / or)2 283 1 1075 1980 t
(S)870 2100 w
10 S f
(\256)928 2100 w
10 I f
(C)1035 2100 w
10 R f
(:)1110 2100 w
10 I f
(data)1146 2100 w
10 R f
(That is, for a conversation to take place,)7 1655 1 720 2280 t
10 I f
(C)2408 2280 w
10 R f
(must \256rst hear)2 588 1 2508 2280 t
10 I f
(ISN)3129 2280 w
7 I f
(S)3290 2300 w
10 R f
(, a more or less random number.)6 1340 1 3333 2280 t
( was a way for an intruder)6 1107(Suppose, though, that there)3 1121 2 720 2460 t
10 I f
(X)2984 2460 w
10 R f
(to)3081 2460 w
10 I f
(predict ISN)1 469 1 3195 2460 t
7 I f
(S)3675 2480 w
10 R f
( that case, it could send the)6 1145(. In)1 177 2 3718 2460 t
(following sequence to impersonate trusted host)5 1924 1 720 2580 t
10 I f
(T)2677 2580 w
10 R f
(:)2733 2580 w
10 I f
(X)870 2760 w
10 S f
(\256)939 2760 w
10 I f
(S)1046 2760 w
10 R f
(:)1104 2760 w
10 I f
(SYN)1140 2760 w
10 R f
(\()1321 2760 w
10 I f
(ISN)1362 2760 w
7 I f
(X)1523 2780 w
10 R f
(\) ,)1 74 1 1582 2760 t
10 I f
(SRC)1664 2760 w
10 S f
(=)1866 2760 w
10 I f
(T)1937 2760 w
(S)875 2880 w
10 S f
(\256)933 2880 w
10 I f
(T)1040 2880 w
10 R f
(:)1104 2880 w
10 I f
(SYN)1140 2880 w
10 R f
(\()1321 2880 w
10 I f
(ISN)1362 2880 w
7 I f
(S)1523 2900 w
10 R f
(\) ,)1 74 1 1574 2880 t
10 I f
(ACK)1656 2880 w
10 R f
(\()1859 2880 w
10 I f
(ISN)1900 2880 w
7 I f
(X)2061 2900 w
10 R f
(\))2120 2880 w
10 I f
(X)870 3000 w
10 S f
(\256)939 3000 w
10 I f
(S)1046 3000 w
10 R f
(:)1104 3000 w
10 I f
(ACK)1140 3000 w
10 R f
(\()1343 3000 w
10 I f
(ISN)1384 3000 w
7 I f
(S)1545 3020 w
10 R f
(\) ,)1 74 1 1596 3000 t
10 I f
(SRC)1678 3000 w
10 S f
(=)1880 3000 w
10 I f
(T)1951 3000 w
(X)870 3120 w
10 S f
(\256)939 3120 w
10 I f
(S)1046 3120 w
10 R f
(:)1104 3120 w
10 I f
(ACK)1140 3120 w
10 R f
(\()1343 3120 w
10 I f
(ISN)1384 3120 w
7 I f
(S)1545 3140 w
10 R f
(\) ,)1 74 1 1596 3120 t
10 I f
(SRC)1678 3120 w
10 S f
(=)1880 3120 w
10 I f
(T)1951 3120 w
10 R f
(,)2015 3120 w
10 I f
(nasty)2048 3120 w
10 S f
(-)2283 3120 w
10 I f
(data)2354 3120 w
10 R f
(Even though the message)3 1042 1 720 3300 t
10 I f
(S)1795 3300 w
10 S f
(\256)1853 3300 w
10 I f
(T)1960 3300 w
10 R f
(does not go to)3 588 1 2049 3300 t
10 I f
(X)2670 3300 w
10 R f
(,)2731 3300 w
10 I f
(X)2789 3300 w
10 R f
( contents, and hence could send)5 1309(was able to know its)4 848 2 2883 3300 t
(data. If)1 348 1 720 3420 t
10 I f
(X)1126 3420 w
10 R f
( this attack on a connection that allows command execution \(i.e., the)11 3087(were to perform)2 708 2 1245 3420 t
(Berkeley)720 3540 w
10 I f
(rsh)1113 3540 w
10 R f
(server\), malicious commands could be executed.)5 1983 1 1274 3540 t
(How, then, to predict the random)5 1428 1 720 3720 t
10 I f
(ISN)2194 3720 w
10 R f
( the initial sequence number variable is)6 1696( Berkeley systems,)2 794(? In)1 206 3 2344 3720 t
( each time a connection is)5 1104(incremented by a constant amount once per second, and by half that amount)12 3216 2 720 3840 t
( if one initiates a legitimate connection and observes the)9 2388(initiated. Thus,)1 652 2 720 3960 t
10 I f
(ISN)3801 3960 w
7 I f
(S)3962 3980 w
10 R f
( can calculate,)2 601(used, one)1 393 2 4046 3960 t
(with a high degree of con\256dence,)5 1370 1 720 4080 t
10 I f
(ISN)2123 4080 w
7 I f
(S)2278 4099 w
7 S f
(\242)2278 4040 w
10 R f
(used on the next connection attempt.)5 1505 1 2354 4080 t
(Morris points out that the reply message)6 1658 1 720 4260 t
10 I f
(S)870 4440 w
10 S f
(\256)928 4440 w
10 I f
(T)1035 4440 w
10 R f
(:)1099 4440 w
10 I f
(SYN)1135 4440 w
10 R f
(\()1316 4440 w
10 I f
(ISN)1357 4440 w
7 I f
(S)1518 4460 w
10 R f
(\) ,)1 74 1 1569 4440 t
10 I f
(ACK)1651 4440 w
10 R f
(\()1854 4440 w
10 I f
(ISN)1895 4440 w
7 I f
(X)2056 4460 w
10 R f
(\))2115 4440 w
(does not in fact vanish down a black hole; rather, the real host)12 2608 1 720 4620 t
10 I f
(T)3364 4620 w
10 R f
( the)1 159(will receive it and attempt to reset)6 1425 2 3456 4620 t
( impersonating a server port on)5 1305( found that by)3 597( Morris)1 343( is not a serious obstacle.)5 1064(connection. This)1 712 5 720 4740 t
10 I f
(T)4778 4740 w
10 R f
(, and)1 206 1 4834 4740 t
( generate queue over\257ows that would)5 1579(by \257ooding that port with apparent connection requests, he could)9 2741 2 720 4860 t
(make it likely that the)4 912 1 720 4980 t
10 I f
(S)1667 4980 w
10 S f
(\256)1725 4980 w
10 I f
(T)1832 4980 w
10 R f
( one could wait until)4 858( Alternatively,)1 619( be lost.)2 332(message would)1 623 4 1923 4980 t
10 I f
(T)4389 4980 w
10 R f
(was down for)2 561 1 4479 4980 t
(routine maintenance or a reboot.)4 1326 1 720 5100 t
(A variant on this TCP sequence number attack, not described by Morris, exploits the)13 3577 1 720 5280 t
10 I f
(netstat)4337 5280 w
7 R f
([8])4612 5240 w
10 R f
(service.)4733 5280 w
( If)1 136(In this attack, the intruder impersonates a host that is down.)10 2501 2 720 5400 t
10 I f
(netstat)3394 5400 w
10 R f
( the target host, it)4 741(is available on)2 601 2 3698 5400 t
( port; this eliminates all need to)6 1423(may supply the necessary sequence number information on another)8 2897 2 720 5520 t
(guess)720 5640 w
7 R f
(1)942 5600 w
10 R f
(.)977 5640 w
9 B f
(Defenses)720 5820 w
10 R f
( the relatively coarse rate of change of the initial sequence number)11 2838(Obviously, the key to this attack is)6 1482 2 720 5940 t
( TCP speci\256cation requires that this variable be incremented)8 2741( The)1 255(variable on Berkeley systems.)3 1324 3 720 6060 t
( the critical)2 485( However,)1 466( is using a much slower rate.)6 1248(approximately 250,000 times per second; Berkeley)5 2121 4 720 6180 t
( second in)2 451( change from an increment of 128 per)7 1672( The)1 237(factor is the granularity, not the average rate.)7 1960 4 720 6300 t
(4.2)720 6420 w
8 R f
(BSD)845 6420 w
10 R f
(to 125,000 per second in 4.3)5 1190 1 1038 6420 t
8 R f
(BSD)2228 6420 w
10 R f
(is meaningless, even though the latter is within a factor of two)11 2618 1 2422 6420 t
(of the speci\256ed rate.)3 833 1 720 6540 t
8 S1 f
(__________________)720 6807 w
8 R f
(1. The)1 250 1 720 6927 t
8 I f
(netstat)996 6927 w
8 R f
( concerns were not behind its elimination.)6 1368( Security)1 317(protocol is obsolete, but is still present on some Internet hosts.)10 2044 3 1234 6927 t
cleartomark
showpage
restore
%%EndPage: 2 2
%%Page: 3 3
save
mark
3 pagesetup
10 R f
(- 3 -)2 182 1 2789 480 t
( simplicity's)1 513( For)1 212( a true 250,000 hz rate would help.)7 1494(Let us consider whether a counter that operated at)8 2101 4 720 960 t
( rate of)2 324(sake, we will ignore the problem of other connections occurring, and only consider the \256xed)14 3996 2 720 1080 t
(change of this counter.)3 933 1 720 1200 t
(To learn a current sequence number, one must send a SYN packet, and receive a response, as follows:)17 4203 1 720 1380 t
10 I f
(X)870 1560 w
10 S f
(\256)939 1560 w
10 I f
(S)1046 1560 w
10 R f
(:)1104 1560 w
10 I f
(SYN)1181 1560 w
10 R f
(\()1362 1560 w
10 I f
(ISN)1403 1560 w
7 I f
(X)1564 1580 w
10 R f
(\))1623 1560 w
10 I f
(S)870 1680 w
10 S f
(\256)928 1680 w
10 I f
(X)1035 1680 w
10 R f
(:)1104 1680 w
10 I f
(SYN)1181 1680 w
10 R f
(\()1362 1680 w
10 I f
(ISN)1403 1680 w
7 I f
(S)1564 1700 w
10 R f
(\) ,)1 74 1 1615 1680 t
10 I f
(ACK)1697 1680 w
10 R f
(\()1900 1680 w
10 I f
(ISN)1941 1680 w
7 I f
(X)2102 1700 w
10 R f
(\) \(1\))1 2879 1 2161 1680 t
( follow)1 302(The \256rst spoof packet, which triggers generation of the next sequence number, can immediately)13 4018 2 720 1860 t
(the server's response to the probe packet:)6 1699 1 720 1980 t
10 I f
(X)870 2160 w
10 S f
(\256)939 2160 w
10 I f
(S)1046 2160 w
10 R f
(:)1104 2160 w
10 I f
(SYN)1181 2160 w
10 R f
(\()1362 2160 w
10 I f
(ISN)1403 2160 w
7 I f
(X)1564 2180 w
10 R f
(\) ,)1 74 1 1623 2160 t
10 I f
(SRC)1705 2160 w
10 S f
(=)1907 2160 w
10 I f
(T)1978 2160 w
10 R f
(\(2\))4924 2160 w
(The sequence number)2 891 1 720 2340 t
10 I f
(ISN)1644 2340 w
7 I f
(S)1805 2360 w
10 R f
(used in the response)3 831 1 1881 2340 t
10 I f
(S)870 2520 w
10 S f
(\256)928 2520 w
10 I f
(T)1035 2520 w
10 R f
(:)1099 2520 w
10 I f
(SYN)1176 2520 w
10 R f
(\()1357 2520 w
10 I f
(ISN)1398 2520 w
7 I f
(S)1559 2540 w
10 R f
(\) ,)1 74 1 1610 2520 t
10 I f
(ACK)1692 2520 w
10 R f
(\()1895 2520 w
10 I f
(ISN)1936 2520 w
7 I f
(X)2097 2540 w
10 R f
(\))2156 2520 w
( receipt at the server)4 864(is uniquely determined by the time between the origination of message \(1\) and the)13 3456 2 720 2700 t
( this number is precisely the round-trip time between)8 2202( But)1 214(of message \(1\).)2 634 3 720 2820 t
10 I f
(X)3806 2820 w
10 R f
(and)3903 2820 w
10 I f
(S)4083 2820 w
10 R f
( the spoofer)2 491( if)1 97(. Thus,)1 319 3 4133 2820 t
(can accurately measure \(and predict\) that time, even a 4)9 2298 1 720 2940 t
10 S f
(m)3051 2940 w
10 R f
(-second clock will not defeat this attack.)6 1659 1 3109 2940 t
( stability is good, we can probably)6 1488( we assume that)3 689( If)1 142(How accurately can the trip time be measured?)7 2001 4 720 3120 t
( does not exhibit such stability over the)7 1730( the Internet)2 530( Clearly,)1 401(bound it within 10 milliseconds or so.)6 1659 4 720 3240 t
(long-term)720 3360 w
7 R f
([9])1114 3320 w
10 R f
(, but it is often good enough over the short term.)10 2012 1 1195 3360 t
7 R f
(2)3207 3320 w
10 R f
(There is thus an uncertainty of 2500 in the)8 1764 1 3276 3360 t
(possible value for)2 740 1 720 3480 t
10 I f
(ISN)1499 3480 w
7 I f
(S)1660 3500 w
10 R f
( each trial takes 5 seconds, to allow time to re-measure the round-trip time,)13 3174(. If)1 163 2 1703 3480 t
( reasonable likelihood of succeeding in 7500 seconds, and a near-certainty)10 3228(an intruder would have a)4 1092 2 720 3600 t
( measurements, would)2 930( predictable \(i.e., higher quality\) networks, or more accurate)8 2543( More)1 292(within a day.)2 555 4 720 3720 t
( simply following the letter of the TCP)7 1672( Clearly,)1 394(improve the odds even further in the intruder's favor.)8 2254 3 720 3840 t
(speci\256cation is not good enough.)4 1351 1 720 3960 t
( fact, some)2 485( In)1 166(We have thus far tacitly assumed that no processing takes places on the target host.)14 3669 3 720 4140 t
( this processing is)3 747(processing does take place when a new request comes in; the amount of variability in)14 3573 2 720 4260 t
( one tick \320 4)4 632( a 6 MIPS machine,)4 875(critical. On)1 503 3 720 4380 t
10 S f
(m)2777 4380 w
10 R f
( is thus)2 328( There)1 312(-seconds \320 is about 25 instructions.)5 1565 3 2835 4380 t
( interrupts, or a slightly)4 1040( High-priority)1 617(considerable sensitivity to the exact instruction path followed.)7 2663 3 720 4500 t
( next)1 208(different TCB allocation sequence, will have a comparatively large effect on the actual value of the)15 4112 2 720 4620 t
( should be)2 463( It)1 145( is of considerable advantage to the target.)7 1867( randomizing effect)2 835( This)1 263(sequence number.)1 747 6 720 4740 t
(noted, though, that faster machines are)5 1699 1 720 4860 t
10 I f
(more)2475 4860 w
10 R f
( attack, since the variability of the)6 1548(vulnerable to this)2 756 2 2736 4860 t
( of course, CPU speeds)4 961( And)1 238( less real time, and hence affect the increment less.)9 2097(instruction path will take)3 1024 4 720 4980 t
(are increasing rapidly.)2 905 1 720 5100 t
( be)1 136( must)1 236( Care)1 262( the increment.)2 628( randomizing)1 579(This suggests another solution to sequence number attacks:)7 2479 6 720 5280 t
( granularity)1 475(taken to use suf\256cient bits; if, say, only the low-order 8 bits were picked randomly, and the)16 3845 2 720 5400 t
( combination of a)3 747( A)1 145( only multiplied by 256.)4 1025(of the increment was coarse, the intruder's work factor is)9 2403 4 720 5520 t
( a 32-bit generator, is better.)5 1233(\256ne-granularity increment and a small random number generator, or just)9 3087 2 720 5640 t
( that many pseudo-random number generators are easily invertible)8 2786(Note, though,)1 563 2 720 5760 t
7 R f
([10])4069 5720 w
10 R f
( fact, given that)3 672(. In)1 183 2 4185 5760 t
( the enemy could simply compute the next)7 1878(most such generators work via feedback of their output,)8 2442 2 720 5880 t
( hybrid techniques have promise \320 using a 32-bit generator, for)10 2675( Some)1 297( to be picked.)3 571(``random'' number)1 777 4 720 6000 t
( brute-force attacks could succeed at determining the seed.)8 2399(example, but only emitting 16 bits of it \320 but)9 1921 2 720 6120 t
( perhaps more, to defeat probes)5 1327(One would need at least 16 bits of random data in each increment, and)13 2993 2 720 6240 t
( More)1 300( the seed.)2 426(from the network, but that might leave too few bits to guard against a search for)15 3594 3 720 6360 t
(research or simulations are needed to determine the proper parameters.)9 2897 1 720 6480 t
8 S1 f
(__________________)720 6717 w
8 R f
( is not)2 209( It)1 101( such stability even over the short-term, especially on long-haul connections.)10 2512( the moment, the Internet may not have)7 1292(2. At)1 206 5 720 6837 t
(comforting to know that the security of a network relies on its low quality of service.)15 2789 1 846 6927 t
cleartomark
showpage
restore
%%EndPage: 3 3
%%Page: 4 4
save
mark
4 pagesetup
10 R f
(- 4 -)2 182 1 2789 480 t
( a cryptographic algorithm \(or device\) for)6 1818(Rather than go to such lengths, it is simpler to use)10 2247 2 720 960 t
10 I f
(ISN)4836 960 w
7 I f
(S)4997 980 w
10 R f
( Standard)1 405( Data Encryption)2 730(generation. The)1 683 3 720 1080 t
7 R f
([11])2538 1040 w
10 R f
(\(DES\) in)1 383 1 2704 1080 t
10 I f
(electronic codebook mode)2 1097 1 3137 1080 t
7 R f
([12])4242 1040 w
10 R f
(is an attractive)2 632 1 4408 1080 t
(choice as the)2 543 1 720 1200 t
10 I f
(ISN)1302 1200 w
7 I f
(S)1463 1220 w
10 R f
( DES could be used in)5 956( Alternatively,)1 624(source, with a simple counter as input.)6 1621 3 1545 1200 t
10 I f
(output)4784 1200 w
(feedback mode)1 614 1 720 1320 t
10 R f
( way, great care must be taken to select the key)10 2081( Either)1 322(without an additional counter.)3 1259 3 1378 1320 t
( information about reboot times is)5 1418( time-of-day at boot time is not adequate; suf\256ciently good)9 2468(used. The)1 434 3 720 1440 t
( reboot time is)3 635( however, the)2 578( If,)1 168(often available to an intruder, thereby permitting a brute-force attack.)9 2939 4 720 1560 t
(encrypted with a per-host secret key, the generator cannot be cracked with any reasonable effort.)14 3966 1 720 1680 t
( sequence numbers are)3 977( New)1 270( a problem.)2 500(Performance of the initial sequence number generator is not)8 2573 4 720 1860 t
( suf\256ce. Encryption)2 815(needed only once per connection, and even a software implementation of DES will)12 3505 2 720 1980 t
(times of 2.3 milliseconds on a 1 MIPS processor have been reported)11 2812 1 720 2100 t
7 R f
([13])3532 2060 w
10 R f
(.)3648 2100 w
( of the round-trip)3 724( Measurements)1 653(An additional defense involves good logging and alerting mechanisms.)8 2943 3 720 2280 t
( likely be carried out using ICMP)6 1446(time \320 essential for attacking RFC-compliant hosts \320 would most)9 2874 2 720 2400 t
10 I f
(Ping)720 2520 w
10 R f
( perhaps more)2 629( Other,)1 342(messages; a ``transponder'' function could log excessive ping requests.)8 3103 3 966 2520 t
( connections)1 511(applicable, timing measurement techniques would involve attempted TCP connections; these)9 3809 2 720 2640 t
( not even complete)3 784(are conspicuously short-lived, and may)4 1599 2 720 2760 t
10 I f
(SYN)3137 2760 w
10 R f
( spoo\256ng an active)3 779(processing. Similarly,)1 917 2 3344 2760 t
(host will eventually generate unusual types of)6 1903 1 720 2880 t
10 I f
(RST)2660 2880 w
10 R f
( and should be)3 613(packets; these should not occur often,)5 1563 2 2864 2880 t
(logged.)720 3000 w
9 B f
( JOY OF ROUTING)3 825(3. THE)1 318 2 720 3240 t
10 R f
( the routing mechanisms and protocols is probably the simplest protocol-based attack available.)12 3947(Abuse of)1 373 2 720 3420 t
( of these)2 370( Some)1 302( do this, depending on the exact routing protocols used.)9 2356(There are a variety of ways to)6 1292 4 720 3540 t
( the remote host does source address-based authentication; others can be used for)12 3381(attacks succeed only if)3 939 2 720 3660 t
(more powerful attacks.)2 933 1 720 3780 t
( can also be used to accomplish denial of service by confusing)11 2619(A number of the attacks described below)6 1701 2 720 3960 t
( details are straight-forward corollaries of the penetration)7 2399( The)1 230( on a host or gateway.)5 961(the routing tables)2 730 4 720 4080 t
(mechanisms, and will not be described further.)6 1917 1 720 4200 t
9 B f
( Routing)1 340(3.1 Source)1 438 2 720 4380 t
10 R f
( that the target host uses the)6 1200( Assume)1 395( to abuse is IP source routing.)6 1275(If available, the easiest mechanism)4 1450 4 720 4560 t
( behavior is utterly)3 797( Such)1 273(reverse of the source route provided in a TCP open request for return traf\256c.)13 3250 3 720 4680 t
( some reason \320 say,)4 865(reasonable; if the originator of the connection wishes to specify a particular path for)13 3455 2 720 4800 t
( the originator if a different path is)7 1588(because the automatic route is dead \320 replies may not reach)10 2732 2 720 4920 t
(followed.)720 5040 w
( source address desired, including that of a trusted machine on the)11 2865(The attacker can then pick any IP)6 1455 2 720 5220 t
( facilities available to such machines become available to the attacker.)10 2882( Any)1 238(target's local network.)2 911 3 720 5340 t
9 B f
(Defenses)720 5520 w
10 R f
( the gateways into the)4 927( best idea would be for)5 977( The)1 226(It is rather hard to defend against this sort of attack.)10 2190 4 720 5640 t
( is less practical than it)5 1018( This)1 257( local net.)2 433(local net to reject external packets that claim to be from the)11 2612 4 720 5760 t
(might seem since some Ethernet)4 1361 1 720 5880 t
7 R f
(3)2081 5840 w
10 R f
( is)1 110(network adapters receive their own transmissions, and this feature)8 2772 2 2158 5880 t
( solution fails completely if an)5 1469( this)1 221( Furthermore,)1 633(relied upon by some higher-level protocols.)5 1997 4 720 6000 t
( users on the)3 541( Other)1 298( trusted networks connected via a multi-organization backbone.)7 2625(organization has two)2 856 4 720 6120 t
(backbone may not be trustable to the same extent that local users are presumed to be, or perhaps their)18 4320 1 720 6240 t
( such topologies should be avoided in any event.)8 2004( Arguably,)1 468(vulnerability to outside attack is higher.)5 1628 3 720 6360 t
( might be to reject pre-authorized connections if source routing information was)11 3538(A simpler method)2 782 2 720 6540 t
( there are few legitimate reasons for using this IP option, especially for)12 3119( presumes that)2 627(present. This)1 574 3 720 6660 t
8 S1 f
(__________________)720 6840 w
8 R f
( is a registered trademark of Xerox Corporation.)7 1573(3. Ethernet)1 395 2 720 6960 t
cleartomark
showpage
restore
%%EndPage: 4 4
%%Page: 5 5
save
mark
5 pagesetup
10 R f
(- 5 -)2 182 1 2789 480 t
( source route and)3 762( variation on this defense would be to analyze the)9 2202( A)1 155(relatively normal operations.)2 1201 4 720 960 t
(accept it if only trusted gateways were listed; that way, the \256nal gateway could be counted on to deliver)18 4320 1 720 1080 t
( complexity of this idea is probably not worthwhile.)8 2138( The)1 221(the packet only to the true destination host.)7 1777 3 720 1200 t
( Berkeley's)1 466(Some protocols \(i.e.,)2 846 2 720 1380 t
10 I f
(rlogin)2066 1380 w
10 R f
(and)2345 1380 w
10 I f
(rsh)2523 1380 w
10 R f
(\) permit ordinary users to extend trust to remote host/user)9 2381 1 2659 1380 t
( entire system, may be targeted by source)7 1792( that case, individual users, rather than an)7 1802(combinations. In)1 726 3 720 1500 t
(routing attacks.)1 626 1 720 1620 t
7 R f
(4)1346 1580 w
10 R f
(Suspicious gateways)1 840 1 1416 1620 t
7 R f
([14])2256 1580 w
10 R f
( within)1 292(will not help here, as the host being spoofed may not be)11 2341 2 2407 1620 t
(the security domain protected by the gateways.)6 1925 1 720 1740 t
9 B f
( Information Protocol Attacks)3 1180(3.2 Routing)1 483 2 720 1920 t
10 R f
(The)720 2100 w
10 I f
(Routing Information Protocol)2 1223 1 914 2100 t
7 R f
([15])2145 2060 w
10 R f
(\(RIP\) is used to propagate routing information on local networks,)9 2740 1 2300 2100 t
( allows an intruder)3 794( This)1 252( is unchecked.)2 600( the information received)3 1057( Typically,)1 483(especially broadcast media.)2 1134 6 720 2220 t
( of the gateways along the way, to)7 1553(to send bogus routing information to a target host, and to each)11 2767 2 720 2340 t
( most likely attack of this sort would be to claim a route to a)14 2810( The)1 242(impersonate a particular host.)3 1268 3 720 2460 t
( host, rather than to a network; this would cause all packets destined for that host to be)17 3621(particular unused)1 699 2 720 2580 t
( packets for an entire network might be too noticeable;)9 2470( \(Diverting)1 506(sent to the intruder's machine.)4 1344 3 720 2700 t
( this is done, protocols that rely on)7 1467( Once)1 280( is comparatively risk-free.\))3 1144(impersonating an idle work-station)3 1429 4 720 2820 t
(address-based authentication are effectively compromised.)4 2373 1 720 2940 t
( that the)2 356( Assume)1 397( serious, bene\256ts to the attacker as well.)7 1708(This attack can yield more subtle, and more)7 1859 4 720 3120 t
( packets for that host will be routed)7 1489( All)1 197( instead.)1 344(attacker claims a route to an active host or workstation)9 2290 4 720 3240 t
( using IP source)3 695( are then resent,)3 682( They)1 280(to the intruder's machine for inspection and possible alteration.)8 2663 4 720 3360 t
( sensitive)1 383( outsider may thus capture passwords and other)7 1957( An)1 189(address routing, to the intended destination.)5 1791 4 720 3480 t
( thus, a user calling out)5 1027( mode of attack is unique in that it affects outbound calls as well;)13 2847(data. This)1 446 3 720 3600 t
( of the earlier attacks discussed)5 1324( Most)1 280( divulging a password.)3 953(from the targeted host can be tricked into)7 1763 4 720 3720 t
(are used to forge a source address; this one is focused on the destination address.)14 3336 1 720 3840 t
9 B f
(Defenses)720 4020 w
10 R f
( is somewhat easier to defend against than the source-routing attacks, though some defenses)13 3788(A RIP attack)2 532 2 720 4140 t
( based on source or destination address \320)7 1802( paranoid gateway \320 one that \256lters packets)7 1903( A)1 148(are similar.)1 467 4 720 4260 t
( form of host-spoo\256ng \(including TCP sequence number attacks\), since the offending)11 3698(will block any)2 622 2 720 4380 t
( there are other ways to deal with RIP problems.)9 2002( But)1 211(packets can never make it through.)5 1431 3 720 4500 t
( most environments, there is)4 1182( In)1 154(One defense is for RIP to be more skeptical about the routes it accepts.)13 2984 3 720 4680 t
( can)1 178( router that makes this check)5 1225( A)1 146(no good reason to accept new routes to your own local networks.)11 2771 4 720 4800 t
( some implementations rely on hearing their own)7 2249( Unfortunately,)1 684( attempts.)1 430(easily detect intrusion)2 957 4 720 4920 t
( that they)2 408( idea, presumably, is)3 881( The)1 232(broadcasts to retain their knowledge of directly-attached networks.)7 2799 4 720 5040 t
( fault-tolerance is in general a good idea,)7 1748( While)1 318(can use other networks to route around local outages.)8 2254 3 720 5160 t
(the actual utility of this technique is low in many environments compared with the risks.)14 3646 1 720 5280 t
( absence of inexpensive public-key)4 1502(It would be useful to be able to authenticate RIP packets; in the)12 2818 2 720 5460 t
( if it were done, its utility is limited; a)9 1602( Even)1 273( protocol.)1 393(signature schemes, this is dif\256cult for a broadcast)7 2052 4 720 5580 t
( turn may have been deceived by gateways)7 1779(receiver can only authenticate the immediate sender, which in)8 2541 2 720 5700 t
(further upstream.)1 695 1 720 5820 t
( the)1 208( risk:)1 231(Even if the local routers don't implement defense mechanisms, RIP attacks carry another)12 3881 3 720 6000 t
( router \(as opposed to host\) that receives such)8 1952( Any)1 246( area.)1 231(bogus routing entries are visible over a wide)7 1891 4 720 6120 t
( of networks)2 529(data will rebroadcast it; a suspicious administrator almost anywhere on the local collection)12 3791 2 720 6240 t
( would help, but it is hard to distinguish a genuine)10 2253( log generation)2 651( Good)1 306(could notice the anomaly.)3 1110 4 720 6360 t
(intrusion from the routing instability that can accompany a gateway crash.)10 3045 1 720 6480 t
8 S1 f
(__________________)720 6717 w
8 R f
( such)1 187( But)1 183( of abuse of the protocols.)5 931( ordinary users to extend trust is probably wrong in any event, regardless)12 2557(4. Permitting)1 462 5 720 6837 t
(concerns are beyond the scope of this paper.)7 1450 1 846 6927 t
cleartomark
showpage
restore
%%EndPage: 5 5
%%Page: 6 6
save
mark
6 pagesetup
10 R f
(- 6 -)2 182 1 2789 480 t
9 B f
( Gateway Protocol)2 725(3.3 Exterior)1 498 2 720 960 t
10 R f
(The)720 1140 w
10 I f
(Exterior Gateway Protocol)2 1132 1 922 1140 t
10 R f
(\(EGP\))2101 1140 w
7 R f
([16])2356 1100 w
10 R f
(is intended for communications between the core gateways)7 2520 1 2520 1140 t
(and so-called)1 563 1 720 1260 t
10 I f
(exterior gateways)1 747 1 1342 1260 t
10 R f
( after going through a)4 997( exterior gateway,)2 785(. An)1 239 3 2097 1260 t
10 I f
(neighbor acquisition)1 864 1 4176 1260 t
10 R f
( serves.)1 318(protocol, is periodically polled by the core; it responds with information about the networks it)14 4002 2 720 1380 t
(These networks must all be part of its)7 1585 1 720 1500 t
10 I f
(autonomous system)1 792 1 2342 1500 t
10 R f
( requests)1 363( the gateway periodically)3 1042(. Similarly,)1 493 3 3142 1500 t
( is not normally sent except in response to a poll;)10 2200( Data)1 270(routing information from the core gateway.)5 1850 3 720 1620 t
( response, it is rather)4 873(furthermore, since each poll carries a sequence number that must be echoed by the)13 3447 2 720 1740 t
( gateways are allowed to send exactly one)7 1746( Exterior)1 395( route update.)2 566(dif\256cult for an intruder to inject a false)7 1613 4 720 1860 t
( the sequence number of the last poll)7 1593(spontaneous update between any two polls; this, too, must carry)9 2727 2 720 1980 t
( is thus comparatively dif\256cult to interfere in an on-going EGP conversation.)11 3157(received. It)1 489 2 720 2100 t
( attack would be to impersonate a second exterior gateway for the same autonomous)13 3771(One possible)1 549 2 720 2280 t
( list of legitimate)3 774( may not succeed, as the core gateways could be equipped with a)12 2975(system. This)1 571 3 720 2400 t
( if they were,)3 553( Even)1 272( checks are not currently done, however.)6 1671( Such)1 267( autonomous system.)2 860(gateways to each)2 697 6 720 2520 t
(they could be authenticated only by source IP address.)8 2235 1 720 2640 t
( to claim reachability for some network where the real gateway is)11 2866(A more powerful attack would be)5 1454 2 720 2820 t
( is, if gateway)3 599(down. That)1 501 2 720 2940 t
10 I f
(G)1858 2940 w
10 R f
(normally handles traf\256c for network)4 1495 1 1968 2940 t
10 I f
(N)3500 2940 w
10 R f
(, and)1 206 1 3567 2940 t
10 I f
(G)3810 2940 w
10 R f
(is down, gateway)2 720 1 3919 2940 t
10 I f
(G)4676 2940 w
10 S f
(\242)4756 2940 w
10 R f
(could)4818 2940 w
( The)1 234( would allow password capture by assorted mechanisms.)7 2410( This)1 257(advertise a route to that network.)5 1419 4 720 3060 t
( gateways must be on the)5 1072( exterior)1 381( against this attack is topological \(and quite restrictive\):)8 2324(main defense)1 543 4 720 3180 t
( host, but an existing)4 911(same network as the core; thus, the intruder would need to subvert not just any)14 3409 2 720 3300 t
(gateway or host that is directly on the main net.)9 1970 1 720 3420 t
( the dif\256culty here is)4 879(A sequence number attack, similar to those used against TCP, might be attempted;)12 3441 2 720 3600 t
( TCP, one can establish arbitrary connections)6 1895( In)1 155( the core gateway is using.)5 1129(in predicting what numbers)3 1141 4 720 3720 t
( accurately, the core)3 850( \(More)1 323( the core.)2 400(to probe for information; in EGP, only a few hosts may speak to)12 2747 4 720 3840 t
( though as noted such checks are not currently implemented.\))9 2550(could only speak to a few particular hosts,)7 1770 2 720 3960 t
(It may thus be hard to get the raw data needed for such an attack.)14 2708 1 720 4080 t
9 B f
( Internet Control Message Protocol)4 1385(3.4 The)1 323 2 720 4260 t
10 R f
(The)720 4440 w
10 I f
(Internet Control Message Protocol)3 1438 1 912 4440 t
10 R f
(\(ICMP\))2387 4440 w
7 R f
([17])2698 4400 w
10 R f
(is the basic network management tool of the TCP/IP)8 2189 1 2851 4440 t
( ICMP attacks are rather)4 1023( Surprisingly,)1 590( carry a rich potential for abuse.)6 1343( would seem to)3 647( It)1 132(protocol suite.)1 585 6 720 4560 t
(dif\256cult; still, there are often holes that may be exploited.)9 2367 1 720 4680 t
(The \256rst, and most obvious target, is the ICMP)8 1950 1 720 4860 t
10 I f
(Redirect)2705 4860 w
10 R f
(message; it is used by gateways to advise hosts)8 1962 1 3078 4860 t
( complication is)2 661( The)1 224( that RIP can be.)4 707( such it can often be abused in the same way)10 1894( As)1 181(of better routes.)2 653 6 720 4980 t
( particular, existing connection; it cannot be used to make an)10 2577(that a Redirect message must be tied to a)8 1743 2 720 5100 t
( Redirects are only applicable within a)6 1692( Furthermore,)1 609(unsolicited change to the host's routing tables.)6 2019 3 720 5220 t
( A)1 140( the path to the originating host.)6 1335(limited topology; they may be sent only from the \256rst gateway along)11 2845 3 720 5340 t
(later gateway may not advise that host, nor may it use ICMP Redirect to control other gateways.)16 3973 1 720 5460 t
(Suppose, though, that an intruder has penetrated a secondary gateway available to a target host, but not)16 4320 1 720 5640 t
( may suf\256ce to penetrate an ordinary host on the target's local network, and have it)15 3475( \(It)1 164(the primary one.)2 681 3 720 5760 t
( a false route to trusted host)6 1170( further that the intruder wishes to set up)8 1700( Assume)1 390(claim to be a gateway.\))4 968 4 720 5880 t
10 I f
(T)4984 5880 w
10 R f
( a)1 83( Send)1 272( followed.)1 419( following sequence may then be)5 1392( The)1 228(through that compromised secondary gateway.)4 1926 6 720 6000 t
(false TCP open packet to the target host, claiming to be from)11 2590 1 720 6120 t
10 I f
(T)3349 6120 w
10 R f
( will respond with its own)5 1117( target)1 266(. The)1 252 3 3405 6120 t
( this is in transit, a false Redirect)7 1450( While)1 322( the secure primary gateway.)4 1229(open packet, routing it through)4 1319 4 720 6240 t
( This)1 258(may be sent, claiming to be from the primary gateway, and referring to the bogus connection.)15 4062 2 720 6360 t
( routing change it contains will be)6 1510(packet will appear to be a legitimate control message; hence the)10 2810 2 720 6480 t
( host makes this change to its global routing tables, rather than just to the per-)15 3373( the target)2 433(accepted. If)1 514 3 720 6600 t
(connection cached route, the intruder may proceed with spoo\256ng host)9 2856 1 720 6720 t
10 I f
(T)3609 6720 w
10 R f
(.)3665 6720 w
( validity checks on ICMP Redirect messages; in such cases, the)10 2793(Some hosts do not perform enough)5 1527 2 720 6900 t
(impact of this attack becomes similar to RIP-based attacks.)8 2425 1 720 7020 t
( of its messages, such as)5 1141( Several)1 391( targeted denial of service attacks.)5 1527(ICMP may also be used for)5 1261 4 720 7200 t
10 I f
(Destination Unreachable)1 1026 1 720 7320 t
10 R f
(and)1784 7320 w
10 I f
(Time to Live Exceeded)3 945 1 1966 7320 t
10 R f
( the)1 159( If)1 137(, may be used to reset existing connections.)7 1825 3 2919 7320 t
cleartomark
showpage
restore
%%EndPage: 6 6
%%Page: 7 7
save
mark
7 pagesetup
10 R f
(- 7 -)2 182 1 2789 480 t
( the local and remote port numbers of a TCP connection, an ICMP packet aimed at that)16 3705(intruder knows)1 615 2 720 960 t
(connection may be forged)3 1063 1 720 1080 t
7 R f
(5)1783 1040 w
10 R f
( information is sometimes available through the)6 1958(. Such)1 291 2 1818 1080 t
10 I f
(netstat)4100 1080 w
10 R f
(service.)4400 1080 w
( sending a fraudulent)3 912(A more global denial of service attack can be launched by)10 2546 2 720 1260 t
10 I f
(Subnet Mask Reply)2 813 1 4227 1260 t
10 R f
( not; a false one)4 676( hosts will accept any such message, whether they have sent a query or)13 2983(message. Some)1 661 3 720 1380 t
(could effectively block all communications with the target host.)8 2614 1 720 1500 t
9 B f
(Defenses)720 1680 w
10 R f
( host is careful)3 648( a)1 89( If)1 144(Most ICMP attacks are easy to defend against with just a modicum of paranoia.)13 3439 4 720 1800 t
( not)1 171(about checking that a message really does refer to a particular connection, most such attacks will)15 4149 2 720 1920 t
( this includes verifying that the ICMP packet contains a plausible sequence)11 3109( the case of TCP,)4 721(succeed. In)1 490 3 720 2040 t
( checks are less applicable to UDP, though.)7 1789( These)1 304(number in the returned-packet portion.)4 1576 3 720 2160 t
( additional attention, since such attacks can be more serious.)9 2581(A defense against Redirect attacks merits)5 1739 2 720 2340 t
( connection; the global routing table)5 1496(Probably, the best option is to restrict route changes to the speci\256ed)11 2824 2 720 2460 t
(should not be modi\256ed in response to ICMP Redirect messages)9 2607 1 720 2580 t
7 R f
(6)3327 2540 w
10 R f
(.)3362 2580 w
( They)1 278( are even useful in today's environment.)6 1695(Finally, it is worth considering whether ICMP Redirects)7 2347 3 720 2760 t
( it is)2 243( But)1 238( than one gateway to the outside world.)7 1815(are only usable on local networks with more)7 2024 4 720 2880 t
( messages)1 435( Redirect)1 429( information.)1 555(comparatively easy to maintain complete and correct local routing)8 2901 4 720 3000 t
( to local exterior gateways, as that would allow such local)10 2420(would be most useful from the core gateways)7 1900 2 720 3120 t
(gateways to have less than complete knowledge of the Internet; this use is disallowed, however.)14 3939 1 720 3240 t
( In)1 162( packet is honored only at the appropriate time.)8 2051(Subnet Mask attacks can be blocked if the Reply)8 2107 3 720 3420 t
( a message only at boot time, and only if it had issued a query; a stale)16 2948(general, a host wants to see such)6 1372 2 720 3540 t
( is little defense against a forged)6 1400( There)1 308(reply, or an unsolicited reply, should be rejected out of hand.)10 2612 3 720 3660 t
( Subnet Mask query, as a host that has sent such a query typically has few resources)16 3560(reply to a genuine)3 760 2 720 3780 t
( the genuine response is not blocked by the intruder, though, the)11 2693( If)1 135(with which to validate the response.)5 1492 3 720 3900 t
( multiple replies; a check to ensure that all replies agree would guard against)13 3526(target will receive)2 794 2 720 4020 t
(administrative errors as well.)3 1183 1 720 4140 t
9 B f
( ``AUTHENTICATION'' SERVER)2 1385(4. THE)1 318 2 720 4380 t
10 R f
( implementations use the)3 1147(As an alternative to address-based authentication, some)6 2509 2 720 4560 t
10 I f
(Authentication)4451 4560 w
(Server)720 4680 w
7 R f
([18])988 4640 w
10 R f
( the identity of its client may contact the client host's)10 2481( server that wishes to know)5 1265(. A)1 190 3 1104 4680 t
(Authentication Server)1 895 1 720 4800 t
7 R f
(7)1615 4760 w
10 R f
( This)1 253(, and ask it for information about the user owning a particular connection.)12 3137 2 1650 4800 t
( second TCP)2 557(method is inherently more secure than simple address-based authentication, as it uses a)12 3763 2 720 4920 t
( source)1 308( thus can defeat sequence number attacks and)7 1968( It)1 141(connection not under control of the attacker.)6 1903 4 720 5040 t
( are certain risks, however.)4 1106( There)1 298(routing attacks.)1 624 3 720 5160 t
( the)1 170( If)1 147( not all hosts are competent to run authentication servers.)9 2487(The \256rst, and most obvious, is that)6 1516 4 720 5340 t
( is claimed to be; the answer cannot be trusted.)9 1968(client host is not secure, it does not matter who the user)11 2352 2 720 5460 t
( RIP has been)3 585( If)1 135( message itself can be compromised by routing table attacks.)9 2523(Second, the authentication)2 1077 4 720 5580 t
( to reach some host, the authentication query will rely on the same)12 2781(used to alter the target's idea of how)7 1539 2 720 5700 t
( TCP sequence number attack)4 1260( if the target host is down, a variant on the)10 1844( Finally,)1 383(altered routing data.)2 833 4 720 5820 t
( the presumed authentication server, the)5 1666(may be used; after the server sends out a TCP open request to)12 2654 2 720 5940 t
( the target runs a)4 717( If)1 137(attacker can complete the open sequence and send a false reply.)10 2669 3 720 6060 t
10 I f
(netstat)4282 6060 w
10 R f
(server, this)1 452 1 4588 6060 t
(is even easier; as noted,)4 977 1 720 6180 t
10 I f
(netstat)1730 6180 w
10 R f
(will often supply the necessary sequence numbers with no need to guess.)11 3000 1 2030 6180 t
8 S1 f
(__________________)720 6360 w
8 R f
( fact, such programs are available today; they are used as administrative tools to reset hung TCP connections.)17 3580(5. In)1 192 2 720 6480 t
( author)1 234( The)1 181( environments where ICMP-initiated route changes are not timed out.)9 2308( has other bene\256ts as well, especially in)7 1329(6. This)1 268 5 720 6600 t
( had)1 144( These)1 245( erroneous ICMP Redirect messages.)4 1214(has seen situations where RIP instability following a gateway crash has led to)12 2591 4 846 6690 t
(the effect of permanently corrupting the routing tables on other hosts.)10 2269 1 846 6780 t
( Internet Activities Board does not currently recommend the Authentication Server for implementation)12 3459(7. The)1 250 2 720 6900 t
5 R f
([19])4429 6868 w
8 R f
( the)1 133(. However,)1 394 2 4513 6900 t
(decision was not made because of security problems)7 1709 1 846 6990 t
5 R f
([5])2555 6958 w
8 R f
(.)2614 6990 w
cleartomark
showpage
restore
%%EndPage: 7 7
%%Page: 8 8
save
mark
8 pagesetup
10 R f
(- 8 -)2 182 1 2789 480 t
( constitutes a denial)3 821( This)1 246( server can always reply ``no''.)5 1295(A less-obvious risk is that a fake authentication)7 1958 4 720 960 t
(of service attack.)2 694 1 720 1080 t
9 B f
(Defenses)720 1260 w
10 R f
( a more secure means of)5 1111(A server that wishes to rely on another host's idea of a user should use)14 3209 2 720 1380 t
(validation, such as the Needham-Schroeder algorithm)5 2186 1 720 1500 t
7 R f
([20][21][22])2906 1460 w
10 R f
( by itself is inadequate.)4 956(. TCP)1 275 2 3254 1500 t
9 B f
( BE DRAGONS)2 630(5. HERE)1 383 2 720 1740 t
10 R f
( wise implementor)2 766( A)1 141( nevertheless susceptible to abuse.)4 1411(Some protocols, while not inherently \257awed, are)6 2002 4 720 1920 t
(would do well to take these problems into account when providing the service.)12 3239 1 720 2040 t
9 B f
( ``Finger'' Service)2 715(5.1 The)1 323 2 720 2220 t
10 R f
(Many systems implement a)3 1145 1 720 2400 t
10 I f
(\256nger)1906 2400 w
10 R f
(service)2180 2400 w
7 R f
([23])2503 2360 w
10 R f
( users,)1 272( server will display useful information about)6 1872(. This)1 277 3 2619 2400 t
( such data provides useful)4 1093( Unfortunately,)1 657( their full names, phone numbers, of\256ce numbers, etc.)8 2264(such as)1 306 4 720 2520 t
(grist for the mill of a password cracker.)7 1672 1 720 2640 t
7 R f
([24])2392 2600 w
10 R f
( is giving)2 403(By running such a service, a system administrator)7 2090 2 2547 2640 t
(away this data.)2 612 1 720 2760 t
9 B f
( Mail)1 210(5.2 Electronic)1 568 2 720 2940 t
10 R f
( it is quite vulnerable)4 880( Nevertheless,)1 606(Electronic mail is probably the most valuable service on the Internet.)10 2834 3 720 3120 t
( normally implemented)2 989( As)1 197(to misuse.)1 434 3 720 3240 t
7 R f
([25][26])2340 3200 w
10 R f
(, the mail server provides no authentication mechanisms.)7 2468 1 2572 3240 t
( does support an)3 676( 822)1 184( RFC)1 257(This leaves the door wide open to faked messages.)8 2093 4 720 3360 t
10 I f
(Encrypted)3963 3360 w
10 R f
(header line, but)2 634 1 4406 3360 t
( see RFC 1040)3 658( \(However,)1 503(this is not widely used.)4 1004 3 720 3480 t
7 R f
([27])2885 3440 w
10 R f
(for a discussion of a proposed new encryption)7 1992 1 3048 3480 t
(standard for electronic mail.\))3 1182 1 720 3600 t
10 I f
( Post Of\256ce Protocol)3 865(5.2.1 The)1 416 2 720 3780 t
10 R f
(The)720 3960 w
10 I f
(The Post Of\256ce Protocol)3 1033 1 914 3960 t
10 R f
(\(POP\))1986 3960 w
7 R f
([28])2236 3920 w
10 R f
( remote user to retrieve mail stored on a central server)10 2305(allows a)1 344 2 2391 3960 t
( and the)2 368( is by means of a single command containing both the user name)12 2910(machine. Authentication)1 1042 3 720 4080 t
( single command mandates the use of conventional)7 2291( combining the two on a)5 1144(password. However,)1 885 3 720 4200 t
( vulnerable to wire-tappers,)3 1166( such passwords are becoming less popular; they are too)9 2459(passwords. And)1 695 3 720 4320 t
(intentional or accidental disclosure, etc.)4 1618 1 720 4440 t
( sites are adopting ``one-time passwords'')5 1752(As an alternative, many)3 990 2 720 4620 t
7 R f
(8)3462 4580 w
10 R f
( one-time passwords, the host)4 1245(. With)1 298 2 3497 4620 t
( host issues a random challenge;)5 1365( The)1 228( key.)1 209(and some device available to the user share a cryptographic)9 2518 4 720 4740 t
( the challenge is)3 733( Since)1 309( the host.)2 422(both sides encrypt this number, and the user transmits it back to)11 2856 4 720 4860 t
( since the user does)4 844( And)1 247( session, thereby defeating eavesdroppers.)4 1747(random, the reply is unique to that)6 1482 4 720 4980 t
( stored in the device \320 the password cannot be given away)11 2645(not know the key \320 it is irretrievably)7 1675 2 720 5100 t
(without depriving the user of the ability to log in.)9 2044 1 720 5220 t
(The newest version of POP)4 1193 1 720 5400 t
7 R f
([30])1913 5360 w
10 R f
( into two commands, which is)5 1330(has split the user name and password)6 1631 2 2079 5400 t
( using)1 250( it also de\256nes an optional mechanism for preauthenticated connections, typically)10 3344(useful. However,)1 726 3 720 5520 t
( the)1 159( the security risks of this variant are mentioned explicitly in)10 2491( Commendably,)1 683(Berkeley's mechanisms.)1 987 4 720 5640 t
(document.)720 5760 w
10 I f
(5.2.2 PCMAIL)1 627 1 720 5940 t
10 R f
(The)720 6120 w
10 I f
(PCMAIL)930 6120 w
10 R f
(protocol)1346 6120 w
7 R f
([31])1679 6080 w
10 R f
( one major)2 489( In)1 172(uses authentication mechanisms similar to those in POP2.)7 2528 3 1851 6120 t
( request requires)2 695( This)1 254( a password-change command.)3 1284( supports)1 383( it)1 133(respect, PCMAIL is more dangerous:)4 1571 6 720 6240 t
(that both the old and new passwords be transmitted unencrypted.)9 2663 1 720 6360 t
8 S1 f
(__________________)720 6807 w
8 R f
( passwords were apparently \256rst used for military IFF \(Identi\256cation Friend or Foe\) systems)13 3010(8. One-time)1 426 2 720 6927 t
5 R f
([29])4156 6895 w
8 R f
(.)4240 6927 w
cleartomark
showpage
restore
%%EndPage: 8 8
%%Page: 9 9
save
mark
9 pagesetup
10 R f
(- 9 -)2 182 1 2789 480 t
9 B f
( Domain Name System)3 895(5.3 The)1 323 2 720 960 t
10 R f
(The)720 1140 w
10 I f
(Domain Name System)2 920 1 919 1140 t
10 R f
(\(DNS\))1883 1140 w
7 R f
([32][33])2149 1100 w
10 R f
( mapping host names to IP)5 1164(provides for a distributed database)4 1451 2 2425 1140 t
( who interferes with the proper operation of the DNS can mount a variety of)14 3346( intruder)1 364(addresses. An)1 610 3 720 1260 t
( are a number of vulnerabilities.)5 1315( There)1 298(attacks, including denial of service and password collection.)7 2460 3 720 1380 t
( it is possible to mount a sequence number attack against a particular)12 2902(In some resolver implementations,)3 1418 2 720 1560 t
( generate a domain)3 789( the target user attempts to connect to a remote machine, an attacker can)13 3032(user. When)1 499 3 720 1680 t
( requires knowing both the UDP port used by the client's)10 2491( This)1 257( to the target's query.)4 935(server response)1 637 4 720 1800 t
( quite easy to obtain,)4 914( latter is often)3 618( The)1 235(resolver and the DNS sequence number used for the query.)9 2553 4 720 1920 t
( former may be)3 696( the)1 174( And)1 257(though, since some resolvers always start their sequence numbers with 0.)10 3193 4 720 2040 t
(obtainable via)1 571 1 720 2160 t
10 I f
(netstat)1324 2160 w
10 R f
(or some analogous host command.)4 1417 1 1624 2160 t
( intruder)1 351( The)1 223( attack on the domain system and the routing mechanisms can be catastrophic.)12 3246(A combined)1 500 4 720 2340 t
( a)1 97(can intercept virtually all requests to translate names to IP addresses, and supply the address of)15 4223 2 720 2460 t
( instead; this would allow the intruder to spy on all traf\256c, and build a nice collection)16 3560(subverted machine)1 760 2 720 2580 t
(of passwords if desired.)3 972 1 720 2700 t
( a suf\256ciently determined attacker might \256nd it)7 2019(For this reason, domain servers are high-value targets;)7 2301 2 720 2880 t
( or even)2 377(useful to take over a server by other means, including subverting the machine one is on,)15 3943 2 720 3000 t
( is no network defense against the former,)7 1856( There)1 316( the Internet.)2 559(physically interfering with its link to)5 1589 4 720 3120 t
( the latter issue may be)5 983(which suggests that domain servers should only run on highly secure machines;)11 3337 2 720 3240 t
(addressed by using authentication techniques on domain server responses.)8 3023 1 720 3360 t
( normal mode of)3 693( The)1 223( functioning correctly, can be used for some types of spying.)10 2518(The DNS, even when)3 886 4 720 3540 t
( a)1 94( However,)1 473( speci\256c responses.)2 818(operation of the DNS is to make speci\256c queries, and receive)10 2702 4 720 3660 t
10 I f
(zone)4857 3660 w
(transfer)720 3780 w
10 R f
( section of the database; by)5 1224(\(AXFR\) request exists that can be used to download an entire)10 2727 2 1089 3780 t
( a database)2 505( Such)1 292(applying this recursively, a complete map of the name space can be produced.)12 3523 3 720 3900 t
( an intruder knows that a particular brand of host or)10 2197(represents a potential security risk; if, for example,)7 2123 2 720 4020 t
( consulted to \256nd all such targets.)6 1449(operating system has a particular vulnerability, that database can be)9 2871 2 720 4140 t
( and type of machines in a particular)7 1637(Other uses for such a database include espionage; the number)9 2683 2 720 4260 t
( about the size of the organization, and hence the)9 2041(organization, for example, can give away valuable data)7 2279 2 720 4380 t
(resources committed to a particular project.)5 1775 1 720 4500 t
( system includes an error code for ``refused''; an administrative prohibition)10 3306(Fortunately, the domain)2 1014 2 720 4680 t
( code should)2 531( This)1 249( as a legitimate reason for refusal.)6 1427(against such zone transfers is explicitly recognized)6 2113 4 720 4800 t
(be employed for zone transfer requests from any host not known to be a legitimate secondary server.)16 4320 1 720 4920 t
( authentication mechanism provided in the AXFR request; source address)9 3204(Unfortunately, there is no)3 1116 2 720 5040 t
(authentication is the best that can be done.)7 1748 1 720 5160 t
( Hesiod)1 332( The)1 237( at M.I.T.)2 428(Recently, a compatible authentication extension to the DNS has been devised)10 3323 4 720 5340 t
(name server)1 534 1 720 5460 t
7 R f
([34])1254 5420 w
10 R f
(uses Kerberos)1 612 1 1445 5460 t
7 R f
([35])2057 5420 w
10 R f
( The)1 263(tickets to authenticate queries and responses.)5 2041 2 2248 5460 t
10 I f
(additional)4628 5460 w
(information)720 5580 w
10 R f
( the query carries an encrypted ticket, which includes a session key; this key,)13 3381(section of)1 416 2 1243 5580 t
( query)1 261(known only to Hesiod and the client, is used to compute a cryptographic checksum of the both the)17 4059 2 720 5700 t
( checksums are also sent in the additional information \256eld.)9 2453( These)1 304(and the response.)2 706 3 720 5820 t
9 B f
( File Transfer Protocol)3 900(5.4 The)1 323 2 720 6000 t
10 R f
(The)720 6180 w
10 I f
(File Transfer Protocol)2 926 1 910 6180 t
10 R f
(\(FTP\))1871 6180 w
7 R f
([36])2110 6140 w
10 R f
( a few aspects of the implementation)6 1530( However,)1 458(itself is not \257awed.)3 791 3 2261 6180 t
(merit some care.)2 678 1 720 6300 t
10 I f
( Authentication)1 622(5.4.1 FTP)1 444 2 720 6480 t
10 R f
( noted, simple passwords are)4 1239( As)1 191(FTP relies on a login and password combination for authentication.)9 2890 3 720 6660 t
( in the)2 278( Nothing)1 400( sites are adopting one-time passwords.)5 1640(increasingly seen as inadequate; more and more)6 2002 4 720 6780 t
( is vital, however, that the ``331'')6 1564( It)1 156(FTP speci\256cation precludes such an authentication method.)6 2600 3 720 6900 t
( a)1 83(response to)1 467 2 720 7020 t
10 I f
(USER)1309 7020 w
10 R f
(subcommand be displayed to the user; this message would presumably contain the)11 3448 1 1592 7020 t
( this response could not be used in this mode; if such)11 2234( FTP implementation that concealed)4 1489(challenge. An)1 597 3 720 7140 t
( become\) common, it may be necessary to use a new reply code to indicate that)15 3340(implementations are \(or)2 980 2 720 7260 t
cleartomark
showpage
restore
%%EndPage: 9 9
%%Page: 10 10
save
mark
10 pagesetup
10 R f
(- 10 -)2 232 1 2764 480 t
(the user must see the content of the challenge.)8 1902 1 720 960 t
10 I f
( FTP)1 211(5.4.2 Anonymous)1 732 2 720 1140 t
10 R f
( speci\256cation, anonymous)2 1063( not required by the FTP)5 1030( While)1 312(A second problem area is ``anonymous FTP''.)6 1915 4 720 1320 t
( it should be implemented with)5 1287( Nevertheless,)1 607( the Internet.)2 525(FTP is a treasured part of the oral tradition of)9 1901 4 720 1440 t
(care.)720 1560 w
( implementations of FTP require)4 1345( Some)1 296( the problem is the implementation technique chosen.)7 2207(One part of)2 472 4 720 1740 t
( care must be taken to ensure that these \256les are not)11 2252(creation of a partial replica of the directory tree;)8 2068 2 720 1860 t
( sensitive information, such as encrypted)5 1871( should they contain any)4 1165( Nor)1 260(subject to compromise.)2 1024 4 720 1980 t
(passwords.)720 2100 w
( there is no record of who has requested)8 1662(The second problem is that anonymous FTP is truly anonymous;)9 2658 2 720 2280 t
( techniques for)2 639( servers will provide that data; they also provide useful)9 2410( Mail-based)1 531(what information.)1 740 4 720 2400 t
(load-limiting)720 2520 w
7 R f
(9)1243 2480 w
10 R f
(, background transfers, etc.)3 1104 1 1278 2520 t
9 B f
( Network Management Protocol)3 1255(5.5 Simple)1 438 2 720 2700 t
10 R f
(The)720 2880 w
10 I f
( Management Protocol)2 977(Simple Network)1 663 2 927 2880 t
10 R f
(\(SNMP\))2620 2880 w
7 R f
([37])2959 2840 w
10 R f
(has recently been de\256ned to aid in network)7 1912 1 3128 2880 t
( RFC states this, but)4 886( The)1 232( access to such a resource must be heavily protected.)9 2271(management. Clearly,)1 931 4 720 3000 t
( a ``read-only'' mode is dangerous;)5 1460( Even)1 273( null authentication service; this is a bad idea.)8 1903(also allows for a)3 684 4 720 3120 t
(it may expose the target host to)6 1405 1 720 3240 t
10 I f
(netstat)2176 3240 w
10 R f
(-type attacks if the particular Management Information Base)7 2589 1 2451 3240 t
(\(MIB\))720 3360 w
7 R f
([38])975 3320 w
10 R f
( version does not; however, the)5 1363( current standardized)2 880( \(The)1 268(used includes sequence numbers.)3 1391 4 1138 3360 t
(MIB is explicitly declared to be extensible.\))6 1804 1 720 3480 t
9 B f
( Booting)1 330(5.6 Remote)1 468 2 720 3660 t
10 R f
(Two sets of protocols are used today to boot diskless workstations and gateways,)12 3694 1 720 3840 t
10 I f
(Reverse ARP)1 562 1 4478 3840 t
10 R f
(\(RARP\))720 3960 w
7 R f
([39])1048 3920 w
10 R f
(with the)1 348 1 1211 3960 t
10 I f
(Trivial File Transfer Protocol)3 1273 1 1607 3960 t
10 R f
(\(TFTP\))2928 3960 w
7 R f
([40])3228 3920 w
10 R f
(and BOOTP)1 520 1 3392 3960 t
7 R f
([41])3912 3920 w
10 R f
( system)1 326( A)1 153(with TFTP.)1 485 3 4076 3960 t
(being booted is a tempting target; if one can subvert the boot process, a new kernel with altered)17 4320 1 720 4080 t
( booting is riskier because it relies on Ethernet-)8 1990( RARP-based)1 592(protection mechanisms can be substituted.)4 1738 3 720 4200 t
( modest improvement in)3 1020( can achieve a)3 609( One)1 240(like networks, with all the vulnerabilities adhering thereto.)7 2451 4 720 4320 t
( otherwise,)1 448(security by ensuring that the booting machine uses a random number for its UDP source port;)15 3872 2 720 4440 t
(an attacker can impersonate the server and send false DATA packets.)10 2846 1 720 4560 t
( by including a 4-byte random)5 1257(BOOTP adds an additional layer of security)6 1807 2 720 4740 t
10 I f
(transaction id)1 569 1 3819 4740 t
10 R f
( prevents)1 373(. This)1 271 2 4396 4740 t
( is vital that these)4 764( It)1 135( to a workstation known to be rebooting.)7 1733(an attacker from generating false replies)5 1688 4 720 4860 t
( is freshly powered up, and hence with)7 1632(numbers indeed be random; this can be dif\256cult in a system that)11 2688 2 720 4980 t
( should be taken when booting through gateways; the more)9 2676( Care)1 282(little or no unpredictable state.)4 1362 3 720 5100 t
(networks traversed, the greater the opportunity for impersonation.)7 2687 1 720 5220 t
( has only a single chance; a system)7 1563(The greatest measure of protection is that normally, the attacker)9 2757 2 720 5400 t
( and the)2 374( however, communications between the client)5 1980( If,)1 179(being booted does not stay in that state.)7 1787 4 720 5520 t
(standard server may be interrupted, larger-scale attacks may be mounted.)9 2989 1 720 5640 t
9 B f
( ATTACKS)1 465(6. TRIVIAL)1 513 2 720 5880 t
10 R f
( completeness demands that they at least be)7 1809(A few attacks are almost too trivial to mention; nevertheless,)9 2511 2 720 6060 t
(noted.)720 6180 w
8 S1 f
(__________________)720 6717 w
8 R f
( this)1 144( If)1 107( technical report.)2 553( a host was temporarily rendered unusable by massive numbers of FTP requests for a popular)15 3087(9. Recently,)1 429 5 720 6837 t
(were deliberate, it would be considered a successful denial of service attack.)11 2489 1 846 6927 t
cleartomark
showpage
restore
%%EndPage: 10 10
%%Page: 11 11
save
mark
11 pagesetup
10 R f
(- 11 -)2 232 1 2764 480 t
9 B f
( of the Local Network)4 865(6.1 Vulnerability)1 688 2 720 960 t
10 R f
( extremely vulnerable to eavesdropping and)5 1799(Some local-area networks, notably the Ethernet networks, are)7 2521 2 720 1140 t
( unwise)1 321( is also)2 306( It)1 133( such networks are used, physical access must be strictly controlled.)10 2852(host-spoo\256ng. If)1 708 5 720 1260 t
( any machine on the network is accessible to untrusted personnel,)10 2745(to trust any hosts on such networks if)7 1575 2 720 1380 t
(unless authentication servers are used.)4 1559 1 720 1500 t
(If the local network uses the Address Resolution Protocol \(ARP\))9 2706 1 720 1680 t
7 R f
([42])3426 1640 w
10 R f
( forms of host-spoo\256ng)3 978(more subtle)1 482 2 3580 1680 t
( packets, rather than just)4 1025( particular, it becomes trivial to intercept, modify, and forward)9 2627( In)1 155(are possible.)1 513 4 720 1800 t
(taking over the host's role or simply spying on all traf\256c.)10 2359 1 720 1920 t
(It is possible to launch denial of service attacks by triggering)10 2560 1 720 2100 t
10 I f
(broadcast storms)1 705 1 3318 2100 t
10 R f
( are a variety of)4 681(. There)1 328 2 4031 2100 t
( The)1 225( as gateways.)2 553(ways to do this; it is quite easy if most or all of the hosts on the network are acting)19 3542 3 720 2220 t
( host, upon receiving it, will)5 1175( Each)1 266(attacker can broadcast a packet destined for a non-existent IP address.)10 2879 3 720 2340 t
( alone will represent a signi\256cant amount of traf\256c,)8 2140( This)1 248(attempt to forward it to the proper destination.)7 1932 3 720 2460 t
( attacker can follow up by)5 1134( The)1 232( broadcast ARP query for the destination.)6 1770(as each host will generate a)5 1184 4 720 2580 t
( is the proper way to reach that)7 1324(broadcasting an ARP reply claiming that the broadcast Ethernet address)9 2996 2 720 2700 t
( suspectible host will then not only resend the bogus packet, it will also receive many)15 3588(destination. Each)1 732 2 720 2820 t
(more copies of it from the other suspectible hosts on the network.)11 2707 1 720 2940 t
9 B f
( Trivial File Transfer Protocol)4 1195(6.2 The)1 323 2 720 3120 t
10 R f
(TFTP)720 3300 w
7 R f
([40])954 3260 w
10 R f
( any publicly-readable \256le in)4 1196( Thus,)1 295(permits \256le transfers without any attempt at authentication.)7 2443 3 1106 3300 t
( is the responsibility of the implementor and/or the system)9 2708( It)1 161(the entire universe is accessible.)4 1451 3 720 3420 t
(administrator to make that universe as small as possible.)8 2315 1 720 3540 t
9 B f
( Ports)1 235(6.3 Reserved)1 528 2 720 3720 t
10 R f
( is, port numbers lower)4 976( That)1 254( the notion of a ``privileged port''.)6 1456(Berkeley-derived TCPs and UDPs have)4 1634 4 720 3900 t
( restriction is used as part of the)7 1511( This)1 270( may only be allocated to privileged processes.)7 2107(than 1024)1 432 4 720 4020 t
( neither the TCP nor the UDP speci\256cations contain any such)10 2743( However,)1 477(authentication mechanism.)1 1100 3 720 4140 t
( should never)2 558( Administrators)1 668( computer.)1 437(concept, nor is such a concept even meaningful on a single-user)10 2657 4 720 4260 t
(rely on the Berkeley authentication schemes when talking to such machines.)10 3128 1 720 4380 t
9 B f
( DEFENSES)1 495(7. COMPREHENSIVE)1 933 2 720 4620 t
10 R f
( techniques are)2 646( Several)1 381( against a variety of individual attacks.)6 1689(Thus far, we have described defenses)5 1604 4 720 4800 t
( they may be employed to guard against not only these attacks, but many others)14 3289(broad-spectrum defenses;)1 1031 2 720 4920 t
(as well.)1 313 1 720 5040 t
9 B f
(7.1 Authentication)1 748 1 720 5220 t
10 R f
( because the target host uses the IP source address)9 2115(Many of the intrusions described above succeed only)7 2205 2 720 5400 t
( there are suf\256ciently many ways to)6 1563( Unfortunately,)1 666( assumes it to be genuine.)5 1142(for authentication, and)2 949 4 720 5520 t
( another way, source address)4 1313( Put)1 233( such techniques are all but worthless.)6 1763(spoof this address that)3 1011 4 720 5640 t
( of a \256le cabinet secured with an S100 lock; it may reduce the temptation)14 3044(authentication is the equivalent)3 1276 2 720 5760 t
( little or nothing to deter anyone even slightly)8 2051(level for more-or-less honest passers-by, but will do)7 2269 2 720 5880 t
(serious about gaining entry.)3 1134 1 720 6000 t
( Perhaps)1 391( are several possible approaches.)4 1372( There)1 307( of cryptographic authentication is needed.)5 1787(Some form)1 463 5 720 6180 t
(the best-known is the Needham-Schroeder algorithm)5 2180 1 720 6300 t
7 R f
([20][21][22])2900 6260 w
10 R f
( a key with)3 480( relies on each host sharing)5 1154(. It)1 158 3 3248 6300 t
( server; a host wishing to establish a connection obtains a session key from the)14 3603(an authentication)1 717 2 720 6420 t
( the conclusion of the)4 956( At)1 183(authentication server and passes a sealed version along to the destination.)10 3181 3 720 6540 t
( of the algorithm exist for both)6 1365( Versions)1 436( is convinced of the identity of the other.)8 1807(dialog, each side)2 712 4 720 6660 t
(private-key and public-key)2 1091 1 720 6780 t
7 R f
([43])1811 6740 w
10 R f
(cryptosystems.)1960 6780 w
( preauthenticated)1 700( them,)1 265( with)1 251( answer is obvious:)3 814( One)1 239(How do these schemes \256t together with TCP/IP?)7 2051 6 720 6960 t
( second answer is that the)5 1073( A)1 141(connections can be implemented safely; without them, they are quite risky.)10 3106 3 720 7080 t
( as it already incorporates the necessary name)7 1972(DNS provides an ideal base for authentication systems,)7 2348 2 720 7200 t
( be sure, key distribution responses must be authenticated and/or)9 2967( To)1 212(structure, redundancy, etc.)2 1141 3 720 7320 t
cleartomark
showpage
restore
%%EndPage: 11 11
%%Page: 12 12
save
mark
12 pagesetup
10 R f
(- 12 -)2 232 1 2764 480 t
(encrypted; as noted, the former seems to be necessary in any event.)11 2773 1 720 960 t
( environments, care must be taken to use the session key to encrypt the entire conversation; if)16 3986(In some)1 334 2 720 1140 t
(this is not done, an attacker can take over a connection via the mechanisms described earlier.)15 3825 1 720 1260 t
9 B f
(7.2 Encryption)1 608 1 720 1440 t
10 R f
( encryption devices are)3 973( But)1 220( outlined above.)2 675(Suitable encryption can defend against most of the attacks)8 2452 4 720 1620 t
( are different)2 562( There)1 314( to administer, and uncommon in the civilian sector.)8 2274(expensive, often slow, hard)3 1170 4 720 1740 t
( comprehensive treatment of)3 1247( A)1 166( and weaknesses.)2 756(ways to apply encryption; each has its strengths)7 2151 4 720 1860 t
( Kent)1 233(encryption is beyond the scope of this paper; interested readers should consult Voydock and)13 3849 2 720 1980 t
7 R f
([44])4802 1940 w
10 R f
(or)4957 1980 w
(Davies and Price)2 692 1 720 2100 t
7 R f
([45])1412 2060 w
10 R f
(.)1528 2100 w
( \320 is an excellent method)5 1091(Link-level encryption \320 encrypting each packet as it leaves the host computer)11 3229 2 720 2280 t
( also works well against physical intrusions; an attacker)8 2305( It)1 129(of guarding against disclosure of information.)5 1886 3 720 2400 t
( inject spurious packets.)3 1071(who tapped in to an Ethernet cable, for example, would not be able to)13 3249 2 720 2520 t
( The)1 237( would not be able to impersonate it.)7 1628(Similarly, an intruder who cut the line to a name server)10 2455 3 720 2640 t
( key determines the security of the network; typically, a key)10 2693(number of entities that share a given)6 1627 2 720 2760 t
(distribution center will allocate keys to each pair of communicating hosts.)10 3035 1 720 2880 t
( packets are dif\256cult to secure; in the)7 1591( Broadcast)1 474(Link-level encryption has some weaknesses, however.)5 2255 3 720 3060 t
( the ability)2 444(absence of fast public-key cryptosystems, the ability to decode an encrypted broadcast implies)12 3876 2 720 3180 t
( link-level encryption, by)3 1037( Furthermore,)1 591(to send such a broadcast, impersonating any host on the network.)10 2692 3 720 3300 t
(de\256nition, is not end-to-end; security of a conversation across gateways implies trust in the gateways and)15 4320 1 720 3420 t
( may be)2 386( latter constraint)2 717( \(This)1 303(assurance that the full concatenated internet is similarly protected.)8 2914 4 720 3540 t
( such constraints are not met, tactics such)7 1723( If)1 134( done in the military sector.\))5 1182(enforced administratively, as is)3 1281 4 720 3660 t
( gateways can be deployed at the)6 1391( Paranoid)1 426(as source-routing attacks or RIP-spoo\256ng may be employed.)7 2503 3 720 3780 t
( incoming RIP packets or source-routed)5 1689(entrance to security domains; these might, for example, block)8 2631 2 720 3900 t
(packets.)720 4020 w
( Defense Data Network)3 1004( All)1 208( of the DARPA Internet employ forms of link encryption.)9 2501(Many portions)1 607 4 720 4200 t
( classi\256ed lines use more)4 1047(\(DDN\) IMP-to-IMP trunks use DES encryption, even for non-classi\256ed traf\256c;)9 3273 2 720 4320 t
(secure cryptosystems)1 881 1 720 4440 t
7 R f
([46])1601 4400 w
10 R f
( easy to)2 367( however, are point-to-point lines, which are comparatively)7 2580(. These,)1 376 3 1717 4440 t
(protect.)720 4560 w
( link encryption device for TCP/IP is the)7 1708(A multi-point)1 559 2 720 4740 t
10 I f
(Blacker Front End)2 773 1 3024 4740 t
10 R f
(\(BFE\))3834 4740 w
7 R f
([47])4084 4700 w
10 R f
( BFE looks to)3 590(. The)1 250 2 4200 4740 t
( it)1 104( When)1 319(the host like an X.25 DDN interface, and sits between the host and the actual DDN line.)16 3897 3 720 4860 t
( a new destination, it contacts an Access Control Center \(ACC\))10 2657(receives a call request packet specifying)5 1663 2 720 4980 t
( the local host is denied)5 991( If)1 134( \(KDC\) for cryptographic keys.)4 1295(for permission, and a Key Distribution Center)6 1900 4 720 5100 t
( ``Emergency)1 555( special)1 311( A)1 139(permission to talk to the remote host, an appropriate diagnostic code is returned.)12 3315 4 720 5220 t
( restricted set of destinations at times when the link to the)11 2455(Mode'' is available for communications to a)6 1865 2 720 5340 t
(KDC or ACC is not working.)5 1218 1 720 5460 t
( if)1 97( Even)1 274( earlier.)1 315(The permission-checking can, to some extent, protect against the DNS attacks described)11 3634 4 720 5640 t
( the BFE will ensure that)5 1037(a host has been mislead about the proper IP address for a particular destination,)13 3283 2 720 5760 t
( is, assume that a host wishes to send)8 1608( That)1 257(a totally unauthorized host does not receive sensitive data.)8 2455 3 720 5880 t
(Top Secret data to some host)5 1227 1 720 6000 t
10 I f
(foo)1986 6000 w
10 R f
( DNS attack might mislead the host into connecting to penetrated)10 2749(. A)1 169 2 2122 6000 t
( material, or is not allowed)5 1191( 4.0.0.4 is not cleared for Top Secret)7 1619( If)1 147(host 4.0.0.4, rather than 1.0.0.1.)4 1363 4 720 6120 t
( denial of service)3 741( be sure, a)3 464( To)1 189(communications with the local host, the connection attempt will fail.)9 2926 4 720 6240 t
(attack has taken place; this, in the military world, is far less serious than information loss.)15 3700 1 720 6360 t
( to an encrypted \(``Black''\) address, using a)7 1903(The BFE also translates the original \(``Red''\) IP address)8 2417 2 720 6540 t
( is done to foil traf\256c analysis techniques, the bane of all)11 2445( This)1 253( ACC.)1 273(translation table supplied by the)4 1349 4 720 6660 t
(multi-point link encryption schemes.)3 1496 1 720 6780 t
( of the)2 285(End-to-end encryption, above the TCP level, may be used to secure any conversation, regardless)13 4035 2 720 6960 t
( centralized network)2 878( is probably appropriate for)4 1224( This)1 269(number of hops or the quality of the links.)8 1949 4 720 7080 t
( and management is a)4 1009( distribution)1 522( Key)1 259(management applications, or other point-to-point transfers.)5 2530 4 720 7200 t
( since encryption)2 716( Furthermore,)1 599( correspondents involved.)2 1063(greater problem, since there are more pairs of)7 1942 4 720 7320 t
cleartomark
showpage
restore
%%EndPage: 12 12
%%Page: 13 13
save
mark
13 pagesetup
10 R f
(- 13 -)2 232 1 2764 480 t
( initiation or after termination of the TCP processing, host-level software)10 3036(and decryption are done before)4 1284 2 720 960 t
(must arrange for the translation; this implies extra overhead for each such conversation)12 3572 1 720 1080 t
7 R f
(10)4292 1040 w
10 R f
(.)4362 1080 w
( denial of service attacks, since fraudulently-injected packets can)8 2718(End-to-end encryption is vulnerable to)4 1602 2 720 1260 t
( combination of end-to-end encryption)4 1610( A)1 147( tests and make it to the application.)7 1557(pass the TCP checksum)3 1006 4 720 1380 t
( alternative would be to)4 1003( intriguing)1 434( An)1 194(and link-level encryption can be employed to guard against this.)9 2689 4 720 1500 t
( TCP checksum would be calculated)5 1496(encrypt the data portion of the TCP segment, but not the header; the)12 2824 2 720 1620 t
( a change would be)4 882( such)1 235( Unfortunately,)1 670(on the cleartext, and hence would detect spurious packets.)8 2533 4 720 1740 t
(incompatible with other implementations of TCP, and could not be done transparently at application)13 4320 1 720 1860 t
(level.)720 1980 w
(Regardless of the method used, a major bene\256t of encrypted communications is the implied)13 4320 1 720 2160 t
( assumes that the key distribution center is secure, and the key)11 2793( one)1 198( If)1 153(authentication they provide.)2 1176 4 720 2280 t
( with it a strong assurance)5 1145(distribution protocols are adequate, the very ability to communicate carries)9 3175 2 720 2400 t
(that one can trust the source host's IP address for identi\256cation.)10 2618 1 720 2520 t
( routing attack can)3 794( A)1 148( especially important in high-threat situations.)5 1928(This implied authentication can be)4 1450 4 720 2700 t
( the)1 167(be used to ``take over'' an existing connection; the intruder can effectively cut the connection at)15 4153 2 720 2820 t
( while translate sequence)3 1093(subverted machine, send dangerous commands to the far end, and all the)11 3227 2 720 2940 t
(numbers on packets passed through so as to disguise the intrusion.)10 2731 1 720 3060 t
( that is the)3 465( Often)1 302( any of these encryption schemes provide privacy.)7 2120(It should be noted, of course, that)6 1433 4 720 3240 t
(primary goal of such systems.)4 1228 1 720 3360 t
9 B f
( Systems)1 340(7.3 Trusted)1 478 2 720 3540 t
10 R f
( suite, it is worth asking to what extent the Orange)10 2132(Given that TCP/IP is a Defense Department protocol)7 2188 2 720 3720 t
(Book)720 3840 w
7 R f
([48])937 3800 w
10 R f
(and Red Book)2 626 1 1105 3840 t
7 R f
([49])1731 3800 w
10 R f
( is,)1 145( That)1 269( above.)1 316(criteria would protect a host from the attacks described)8 2411 4 1899 3840 t
( these attacks succeed?)3 967( Could)1 320( higher.)1 322(suppose that a target host \(and the gateways!\) were rated B1 or)11 2711 4 720 3960 t
( general,)1 365( In)1 163( a complex one, and depends on the assumptions we are willing to make.)13 3196(The answer is)2 596 4 720 4080 t
( rated at B2 or higher are immune to the attacks described here, while C2-level systems)15 3623(hosts and routers)2 697 2 720 4200 t
( systems are vulnerable to some of these attacks, but not all.)11 2482( B1-level)1 410(are susceptible.)1 623 3 720 4320 t
( is used in secure environments, a brief tutorial on the military)11 2783(In order to understand how TCP/IP)5 1537 2 720 4500 t
( All)1 198(security model is necessary.)3 1156 2 720 4620 t
10 I f
(objects)2111 4620 w
10 R f
( channels, and)2 590(in the computer system, such as \256les or network)8 2019 2 2431 4620 t
(all data exported from them, must have a)7 1783 1 720 4740 t
10 I f
(label)2550 4740 w
10 R f
(indicating the sensitivity of the information in them.)7 2243 1 2797 4740 t
( Secret, and Top Secret\) and non-)6 1572(This label includes hierarchical components \(i.e., Con\256dential,)6 2748 2 720 4860 t
(hierarchical components.)1 1039 1 720 4980 t
10 I f
(Subjects)1853 4980 w
10 R f
( computer system \320 are similarly)5 1542(\320 i.e., processes within the)4 1251 2 2247 4980 t
( subject may)2 535(labeled. A)1 458 2 720 5100 t
10 I f
(read)1753 5100 w
10 R f
( equal hierarchical level and if all of)7 1541(an object if its label has a higher or)8 1523 2 1976 5100 t
( other words, the process)4 1039( In)1 152( label.)1 255(the object's non-hierarchical components are included in the subject's)8 2874 4 720 5220 t
( a subject may write to an object)7 1386( Similarly,)1 469( \256le.)1 191(must have suf\256cient clearance for the information in a)8 2274 4 720 5340 t
( object has a)3 565(if the)1 230 2 720 5460 t
10 I f
(higher)1563 5460 w
10 R f
(or equal level and the object's non-hierarchical components include all of)10 3168 1 1872 5460 t
( is, the sensitivity level of the \256le must be at least as high as that of)16 2914( That)1 257(those in the subject's level.)4 1149 3 720 5580 t
( a \256le that is)4 549( it were not, a program with a high clearance could write classi\256ed data to)14 3148( If)1 138(the process.)1 485 4 720 5700 t
(readable by a process with a low security clearance.)8 2132 1 720 5820 t
( access to any \256le, its security label must exactly match that of)12 2662(A corollary to this is that for read/write)7 1658 2 720 6000 t
( communication \(i.e., a TCP)4 1222( same applies to any form of bidirectional interprocess)8 2366( The)1 237(the process.)1 495 4 720 6120 t
(virtual circuit\): both ends must have identical labels.)7 2154 1 720 6240 t
( a process creates a TCP)5 1037( When)1 309( TCP/IP protocol suite.)3 962(We can now see how to apply this model to the)10 2012 4 720 6420 t
( label is encoded in the IP security option.)8 1767( This)1 247( is given the process's label.)5 1181(connection, that connection)2 1125 4 720 6540 t
( must ensure that the label on received packets matches that of the receiving process.)14 3622(The remote TCP)2 698 2 720 6660 t
8 S1 f
(__________________)720 6840 w
8 R f
(10. We are assuming that TCP is handled by the host, and not by a front-end processor.)16 2876 1 720 6960 t
cleartomark
showpage
restore
%%EndPage: 13 13
%%Page: 14 14
save
mark
14 pagesetup
10 R f
(- 14 -)2 232 1 2764 480 t
( the connection is)3 825(Servers awaiting connections may be eligible to run at multiple levels; when)11 3495 2 720 960 t
(instantiated, however, the process must be forced to the level of the connection request packet.)14 3890 1 720 1080 t
(IP also makes use of the security option)7 1786 1 720 1260 t
7 R f
([50])2506 1220 w
10 R f
( packet may not be sent over a link with a lower)11 2235(. A)1 183 2 2622 1260 t
( it may carry Unclassi\256ed or Con\256dential traf\256c, but)8 2191( a link is rated for Secret traf\256c,)7 1360( If)1 137(clearance level.)1 632 4 720 1380 t
( security)1 357( The)1 229( the security option constrains routing decisions.)6 2031( Thus,)1 299( Top Secret data.)3 724(it may not carry)3 680 6 720 1500 t
( the)1 155(level of a link depends on its inherent characteristics, the strength of any encryption algorithms used,)15 4165 2 720 1620 t
( example, an)2 557( For)1 222( location of the facility.)4 1035(security levels of the hosts on that network, and even the)10 2506 4 720 1740 t
( located in a submarine is much more secure than if the same cable were running through)16 3735(Ethernet cable)1 585 2 720 1860 t
(a dormitory room in a university.)5 1367 1 720 1980 t
( penetration at the)3 745( TCP-level attacks can only achieve)5 1473( First,)1 275(Several points follow from these constraints.)5 1827 4 720 2160 t
( is, an attacker at the Unclassi\256ed level could only achieve Unclassi\256ed)11 3153( That)1 269(level of the attacker.)3 898 3 720 2280 t
( attack was used)3 696(privileges on the target system, regardless of which network)8 2516 2 720 2400 t
7 R f
(11)3932 2360 w
10 R f
( packets with)2 557(. Incoming)1 481 2 4002 2400 t
(an invalid security marking would be rejected by the gateways.)9 2595 1 720 2520 t
( Orange)1 341( The)1 236(Attacks based on any form of source-address authentication should be rejected as well.)12 3743 3 720 2700 t
( provide secure means of identi\256cation and authentication; as we have shown,)11 3210(Book requires that systems)3 1110 2 720 2820 t
( of the B1 level, authentication information must)7 2054( As)1 184( address is not adequate.)4 1033(simple reliance on the IP)4 1049 4 720 2940 t
(be protected by cryptographic checksums when transmitted from machine to machine)10 3501 1 720 3060 t
7 R f
(12)4221 3020 w
10 R f
(.)4291 3060 w
(The)720 3240 w
10 I f
(authentication)911 3240 w
10 R f
( especially)1 436(server is still problematic; it can be spoofed by a sequence number attack,)12 3079 2 1525 3240 t
(if)720 3360 w
10 I f
(netstat)840 3360 w
10 R f
( of attack could easily be combined with source routing for full)11 2884( sort)1 209( This)1 270(is available.)1 511 4 1166 3360 t
( cryptographic checksums would add signi\256cant strength.)6 2348( Again,)1 335(interactive access.)1 733 3 720 3480 t
( from routing attacks; RIP-spoo\256ng could corrupt their)7 2323(B1-level systems are not automatically immune)5 1997 2 720 3660 t
( seen, that would allow an intruder to capture passwords, perhaps even)11 2973( As)1 183(routing tables just as easily.)4 1164 3 720 3780 t
( be sure, the initial penetration is still restricted by the security)11 2635( To)1 182(some used on other trusted systems.)5 1503 3 720 3900 t
(labelling, but that may not block future logins captured by these means.)11 2949 1 720 4020 t
( if the route to a secure destination is)8 1534( Speci\256cally,)1 563(Routing attacks can also be used for denial of service.)9 2223 3 720 4200 t
( change)1 318( This)1 247( require use of an insecure link, the two hosts will not be able to communicate.)15 3308(changed to)1 447 4 720 4320 t
( detected rather quickly, though, since the gateway that noticed the misrouted packet)12 3545(would probably be)2 775 2 720 4440 t
(would \257ag it as a security problem.)6 1455 1 720 4560 t
( requirements)1 568( Similar)1 375( is required.)2 518(At the B2 level, secure transmission of routing control information)9 2859 4 720 4740 t
(apply to other network control information, such as ICMP packets.)9 2744 1 720 4860 t
(Several attacks we have described rely on data derived from ``information servers'', such as)13 3834 1 720 5040 t
10 I f
(netstat)4591 5040 w
10 R f
(and)4896 5040 w
10 I f
(\256nger)720 5160 w
10 R f
( these, if carefully done, may not represent a direct penetration threat in the civilian sense,)15 3742(. While)1 337 2 961 5160 t
(they are often seen to represent a)6 1384 1 720 5280 t
10 I f
(covert channel)1 602 1 2141 5280 t
10 R f
( many B-)2 398( Thus,)1 296( used to leak information.)4 1076(that may be)2 490 4 2780 5280 t
(division systems do not implement such servers.)6 1984 1 720 5400 t
( technical features we have described may not apply in the military)11 2917(In a practical sense, some of the)6 1403 2 720 5580 t
( rules)1 235(world. Administrative)1 932 2 720 5700 t
7 R f
([51])1887 5660 w
10 R f
( interconnections; uncleared personnel are)4 1752(tend to prohibit risky sorts of)5 1244 2 2044 5700 t
( rules are, most)3 676( Such)1 281(not likely to have even indirect access to systems containing Top Secret data.)12 3363 3 720 5820 t
(likely, an accurate commentary on anyone's ability to validate any computer system of non-trivial size.)14 4233 1 720 5940 t
9 B f
(8. CONCLUSIONS)1 788 1 720 6180 t
10 R f
( in general, relying)3 805( \256rst, surely, is that)4 831( The)1 229(Several points are immediately obvious from this analysis.)7 2455 4 720 6360 t
( is extremely dangerous)3 1089(on the IP source address for authentication)6 1972 2 720 6480 t
7 R f
(13)3781 6440 w
10 R f
( the Internet)2 574(. Fortunately,)1 615 2 3851 6480 t
8 S1 f
(__________________)720 6660 w
8 R f
(11. We are assuming, of course, that the penetrated system does not have bugs of its own that would allow further access.)21 3994 1 720 6780 t
( certain)1 245( Under)1 255( be protected to an equal extent with data sensitivity labels.)10 1979( precisely, user identi\256cation information must)5 1543(12. More)1 298 5 720 6900 t
( general, though, they are required.)5 1142( In)1 118(circumstances, described in the Red Book, cryptographic checks may be omitted.)10 2647 3 846 6990 t
( all of its components \(hosts, gateways, cables, etc.\) are)9 1916( the entire network, and)4 825( If)1 116( are some exceptions to this rule.)6 1152(13. There)1 311 5 720 7110 t
(physically protected, and if all of the operating systems are suf\256ciently secure, there would seem to be little risk.)18 3685 1 846 7200 t
cleartomark
showpage
restore
%%EndPage: 14 14
%%Page: 15 15
save
mark
15 pagesetup
10 R f
(- 15 -)2 232 1 2764 480 t
( Berkeley manuals)2 779( The)1 231( intellectual level.)2 749(community is starting to accept this on more than an)9 2249 4 720 960 t
7 R f
([3])4728 920 w
10 R f
(have)4852 960 w
( very weak, but it is only recently that serious attempts)10 2274(always stated that the authentication protocol was)6 2046 2 720 1080 t
(\(i.e., Kerberos)1 579 1 720 1200 t
7 R f
([35])1299 1160 w
10 R f
(and SunOS 4.0's DES authentication mode)5 1772 1 1449 1200 t
7 R f
([52])3221 1160 w
10 R f
( been made to correct the problem.)6 1448(\) have)1 255 2 3337 1200 t
( More)1 294( have their weaknesses, but both are far better than their predecessor.)11 2970(Kerberos and SunOS 4.0)3 1056 3 720 1320 t
( the)1 181(recently, an extension to)3 1075 2 720 1440 t
10 I f
(Network Time Protocol)2 1007 1 2035 1440 t
10 R f
(\(NTP\))3101 1440 w
7 R f
([53])3356 1400 w
10 R f
(has been proposed that includes a)5 1509 1 3531 1440 t
(cryptographic checksum)1 986 1 720 1560 t
7 R f
([54])1706 1520 w
10 R f
(.)1822 1560 w
( a protocol depends on sequence)5 1434( If)1 152( number attacks.)2 713(A second broad class of problems is sequence)7 2021 4 720 1740 t
( is worth considerable effort)4 1169( It)1 130( most do \320 it is vital that they be chosen unpredictably.)11 2359(numbers \320 and)2 662 4 720 1860 t
(to ensure that these numbers are not knowable even to other users on the same system.)15 3575 1 720 1980 t
( A)1 141(We may generalize this by by stating that hosts should not give away knowledge gratuitously.)14 3909 2 720 2160 t
10 I f
(\256nger)4807 2160 w
10 R f
( user, rather than)3 694(server, for example, would be much safer if it only supplied information about a known)14 3626 2 720 2280 t
( then, some censorship might be appropriate; a)7 1983( Even)1 280( on.)1 167(supplying information about everyone logged)4 1890 4 720 2400 t
( supply the last login date and other sensitive information would be appropriate if the account)15 3932(refusal to)1 388 2 720 2520 t
( Infrequently-used)1 789( accounts often have simple default passwords.)6 2009( \(Never-used)1 572(was not used recently.)3 950 4 720 2640 t
( have also seen how)4 850( We)1 210(accounts are often set up less carefully by the owner.\))9 2270 3 720 2760 t
10 I f
(netstat)4088 2760 w
10 R f
(may be abused;)2 647 1 4393 2760 t
(indeed, the combination of)3 1110 1 720 2880 t
10 I f
(netstat)1868 2880 w
10 R f
(with the)1 338 1 2173 2880 t
10 I f
(authentication)2549 2880 w
10 R f
(server is the single strongest attack using the)7 1875 1 3165 2880 t
(standardized Internet protocols.)2 1277 1 720 3000 t
( are not)2 317( routes)1 277( Static)1 294(Finally, network control mechanisms are dangerous, and must be carefully guarded.)10 3432 4 720 3180 t
( use of default routes and veri\256able point-to-point routing)8 2367(feasible in a large-scale network, but intelligent)6 1953 2 720 3300 t
(protocols \(i.e., EGP\) are far less vulnerable than broadcast-based routing.)9 3001 1 720 3420 t
9 B f
(9. ACKNOWLEDGEMENTS)1 1188 1 720 3660 t
10 R f
( Deborah Estrin made a number of useful)7 1831(Dave Presotto, Bob Gilligan, Gene Tsudik, and especially)7 2489 2 720 3840 t
(suggestions and corrections to a draft of this paper.)8 2102 1 720 3960 t
10 I f
(REFERENCES)2574 4560 w
10 R f
( Feinler, O.J. Jacobsen, M.K. Stahl, C.A. Ward, eds.)8 2185(1. E.J.)1 258 2 770 4800 t
10 I f
(DDN Protocol Handbook)2 1051 1 3283 4800 t
10 R f
( Network)1 387(. DDN)1 311 2 4342 4800 t
(Information Center, SRI International, 1985.)4 1816 1 878 4920 t
( D.)1 141(2. Comer,)1 405 2 770 5100 t
10 I f
( Principles, Protocols, and Architecture)4 1679(Internetworking with TCP/IP :)3 1288 2 1393 5100 t
10 R f
( Hall,)1 242(. Prentice)1 430 2 4368 5100 t
(1988)878 5220 w
( Systems Research Group.)3 1090(3. Computer)1 508 2 770 5400 t
10 I f
(U)2438 5400 w
8 I f
(NIX)2510 5400 w
10 I f
( Berkeley Software)2 776( 4.3)1 195(User's Reference Manual \(URM\).)3 1393 3 2676 5400 t
(Distribution Virtual Vax-11 Version.)3 1635 1 878 5520 t
10 R f
( Division, Department of Electrical)4 1626(Computer Science)1 789 2 2625 5520 t
( 1986.)1 291(Engineering and Computer Science, University of California, Berkeley.)7 2918 2 878 5640 t
( E.H.)1 223(4. Spafford,)1 482 2 770 5820 t
10 I f
(The Internet Worm Program: An Analysis)5 1754 1 1548 5820 t
10 R f
( Technical Report CSD-TR-823,)3 1349(. Purdue)1 381 2 3310 5820 t
( 1988)1 266(Department of Computer Sciences Purdue University, West Lafayette, IN.)8 3033 2 878 5940 t
(5. Seeley, D.)2 529 1 770 6120 t
10 I f
(A Tour of the Worm)4 832 1 1365 6120 t
10 R f
( 1988.)1 291( of Computer Science, University of Utah.)6 1740(. Department)1 562 3 2205 6120 t
( M. and Rochlis, J.)4 833(6. Eichin,)1 394 2 770 6300 t
10 I f
( Analysis of the Internet Virus of)6 1426( An)1 189(With Microscope and Tweezers:)3 1350 3 2075 6300 t
(November 1988.)1 668 1 878 6420 t
10 R f
(Massachussetts Institute of Technology, 1988.)4 1886 1 1612 6420 t
( 1985.)1 320( R.T.)1 240(7. Morris,)1 405 3 770 6600 t
10 I f
(A Weakness in the 4.2BSD U)5 1344 1 1830 6600 t
8 I f
(NIX)3174 6600 w
10 I f
(TCP/IP Software)1 724 1 3365 6600 t
10 R f
( Science)1 372(. Computing)1 571 2 4097 6600 t
(Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey.)10 3227 1 878 6720 t
(8. Reynolds, J.K., and J. Postel.)5 1307 1 770 6900 t
10 I f
(Assigned Numbers)1 755 1 2143 6900 t
10 R f
( 990, 1986)2 441(. RFC)1 281 2 2906 6900 t
(9. Mills, D.L.)2 561 1 770 7080 t
10 I f
(Internet Delay Experiments)2 1119 1 1397 7080 t
10 R f
(, RFC 889, 1983.)3 714 1 2524 7080 t
cleartomark
showpage
restore
%%EndPage: 15 15
%%Page: 16 16
save
mark
16 pagesetup
10 R f
(- 16 -)2 232 1 2764 480 t
( Strong Sequences of Pseudo-Random)4 1568( to Generate Cryptographically)3 1263( ``How)1 326(10. Blum, M. and Micali, S.)5 1163 4 720 960 t
(Bits''.)878 1080 w
10 I f
(SIAM J. Computing)2 807 1 1197 1080 t
10 R f
(, vol. 13, no. 4, pp. 850-864, Nov. 1984.)8 1672 1 2012 1080 t
( Publication \(FIPS PUB\) 46,)4 1339( Federal Information Processing Standards)4 1903(11. US)1 286 3 720 1260 t
10 I f
(Data Encryption)1 718 1 4322 1260 t
(Standard)878 1380 w
10 R f
(, 15 January 1977.)3 759 1 1253 1380 t
( Federal Information Processing Standards Publication \(FIPS PUB\) 81.)8 3246(12. US)1 286 2 720 1560 t
10 I f
(DES Modes of)2 679 1 4361 1560 t
(Operation)878 1680 w
10 R f
(, 2 December 1980.)3 808 1 1297 1680 t
( M.)1 151(13. Bishop,)1 467 2 720 1860 t
10 I f
( of a Fast Data Encryption Standard Implementation)7 2210(An Application)1 615 2 1408 1860 t
10 R f
( Report)1 310(. Technical)1 489 2 4241 1860 t
( Science, Dartmouth College, Hanover,)4 1660(PCS-TR88-138, Department of Mathematics and Computer)5 2502 2 878 1980 t
(NH. 1988.)1 460 1 878 2100 t
( Flexible Datagram Access Controls for U)6 2052( and)1 229( ``Simple)1 468( J.)1 149(14. Mogul,)1 450 5 720 2280 t
8 R f
(NIX)4068 2280 w
10 R f
(-based Gateways'',)1 830 1 4210 2280 t
10 I f
(Proceedings, Summer USENIX)2 1261 1 878 2400 t
10 R f
(, 1989, Baltimore, Maryland \(to appear\).)5 1662 1 2147 2400 t
(15. Hedrick, C.)2 629 1 720 2580 t
10 I f
(Routing Information Protocol)2 1211 1 1415 2580 t
10 R f
( 1058, 1988.)2 516(. RFC)1 281 2 2634 2580 t
(16. Mills, D.L.)2 611 1 720 2760 t
10 I f
(Exterior Gateway Protocol Formal Speci\256cation)4 1986 1 1397 2760 t
10 R f
( 904, 1984.)2 466(. RFC)1 281 2 3391 2760 t
(17. Postel, J.)2 525 1 720 2940 t
10 I f
(Internet Control Message Protocol)3 1426 1 1311 2940 t
10 R f
( 792, 1981.)2 466(. RFC)1 281 2 2745 2940 t
(18. St. Johns, M.)3 700 1 720 3120 t
10 I f
(Authentication Server)1 882 1 1486 3120 t
10 R f
( 931, 1985.)2 466(. RFC)1 281 2 2376 3120 t
( Internet Activities Board.)3 1148( Advanced Research Projects Agency,)4 1670(19. Defense)1 484 3 720 3300 t
10 I f
(IAB Of\256cial Protocol)2 925 1 4115 3300 t
(Standards.)878 3420 w
10 R f
(RFC 1083, 1988)2 681 1 1375 3420 t
( 1989.)1 291( communication.)1 680( Private)1 349(19. Postel, J.)2 525 4 720 3600 t
( Encryption for Authentication in Large Networks of)7 2222( ``Using)1 379( R.M. and Schroeder, M.D.)4 1154(20. Needham,)1 565 4 720 3780 t
(Computers''.)878 3900 w
10 I f
(Communications of the ACM)3 1188 1 1474 3900 t
10 R f
(, vol. 21, no. 12, pp. 993-999, December 1978.)8 1934 1 2670 3900 t
( in Key Distribution Protocols'',)4 1361( ``Timestamps)1 629( D.E. and Sacco, G.M.)4 965(21. Denning,)1 527 4 720 4080 t
10 I f
(Communications of)1 797 1 4243 4080 t
(the ACM)1 366 1 878 4200 t
10 R f
(, vol. 24, no. 8, pp. 533-536, August 1981.)8 1764 1 1252 4200 t
( Revisited'',)1 509( ``Authentication)1 733( R.M. and Schroeder, M.D.)4 1150(22. Needham,)1 565 4 720 4380 t
10 I f
( Review)1 329(Operating Systems)1 767 2 3717 4380 t
10 R f
(, vol.)1 219 1 4821 4380 t
(21, no. 1, p. 7, January 1987.)6 1208 1 878 4500 t
(23. Harrenstien, K.)2 778 1 720 4680 t
10 I f
(NAME/FINGER Protocol)1 1038 1 1564 4680 t
10 R f
(, RFC 742, 1977.)3 714 1 2610 4680 t
( ``U)1 230( Morris, R.H.)2 604( F.T. and)2 427(24. Grampp,)1 510 4 720 4860 t
8 R f
(NIX)2491 4860 w
10 R f
(Operating System Security'',)2 1236 1 2692 4860 t
10 I f
(AT&T Bell Laboratories)2 1053 1 3987 4860 t
(Technical Journal)1 738 1 878 4980 t
10 R f
(, vol. 63, no. 8, part 2, October, 1984.)8 1568 1 1624 4980 t
(25. Crocker, D.)2 634 1 720 5160 t
10 I f
(Standard for the Format of ARPA-Internet Text Messages)7 2368 1 1420 5160 t
10 R f
( 822, 1982.)2 466(. RFC)1 281 2 3796 5160 t
(26. Postel, J.)2 525 1 720 5340 t
10 I f
(Simple Mail Transfer Protocol)3 1255 1 1311 5340 t
10 R f
( 821, 1982.)2 466(. RFC)1 281 2 2574 5340 t
( J.)1 116(27. Linn,)1 372 2 720 5520 t
10 I f
(Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and)10 3747 1 1293 5520 t
(Authentication Procedures)1 1082 1 878 5640 t
10 R f
( 1040, 1988.)2 516(. RFC)1 281 2 1968 5640 t
( D.; Goldberger, J.; Reynolds, J.K.)5 1440( M.; Postel, J.B.; Chase,)4 1005(28. Butler,)1 433 3 720 5820 t
10 I f
(Post Of\256ce Protocol - Version 2)5 1340 1 3667 5820 t
10 R f
(.)5015 5820 w
(RFC 937, 1985.)2 656 1 878 5940 t
( First Ten Years of Public Key Cryptography''.)7 2030( ``The)1 298( W.)1 163(29. Dif\256e,)1 416 4 720 6120 t
10 I f
(Proc. IEEE)1 479 1 3704 6120 t
10 R f
( pp.)1 170(, vol. 76, no. 5,)4 679 2 4191 6120 t
(560-577, May 1988.)2 832 1 878 6240 t
(30. Rose, M.)2 530 1 720 6420 t
10 I f
(Post Of\256ce Protocol - Version 3)5 1325 1 1316 6420 t
10 R f
( 1081, 1988)2 491(. RFC)1 281 2 2649 6420 t
(31. Lambert, M.L.)2 754 1 720 6600 t
10 I f
(PCMAIL: A Distributed Mail System for Personal Computers)7 2525 1 1540 6600 t
10 R f
( 1056, 1988)2 491(. RFC)1 281 2 4073 6600 t
(32. Mockapetris, P.)2 796 1 720 6780 t
10 I f
(Domain Names - Concepts and Facilities)5 1692 1 1582 6780 t
10 R f
( 1034, 1987.)2 516(. RFC)1 281 2 3282 6780 t
(33. Mockapetris, P.)2 796 1 720 6960 t
10 I f
(Domain Names - Implementations and Speci\256cations)5 2163 1 1582 6960 t
10 R f
( 1035, 1987.)2 516(. RFC)1 281 2 3753 6960 t
cleartomark
showpage
restore
%%EndPage: 16 16
%%Page: 17 17
save
mark
17 pagesetup
10 R f
(- 17 -)2 232 1 2764 480 t
( ``Hesiod'',)1 506(34. Dyer, S.P.)2 577 2 720 960 t
10 I f
(Proceedings, Winter USENIX)2 1206 1 1836 960 t
10 R f
(, 1988, Dallas, Texas.)3 892 1 3050 960 t
( for Open Network)3 825( An Authentication Service)3 1156( ``Kerberos:)1 539( J.G, Neuman, C., Schiller, J.I.)5 1334(35. Steiner,)1 466 5 720 1140 t
(Systems'',)878 1260 w
10 I f
(Proceedings, Winter USENIX)2 1206 1 1336 1260 t
10 R f
(, 1988, Dallas, Texas.)3 892 1 2550 1260 t
(36. Postel, J.)2 525 1 720 1440 t
10 I f
(File Transfer Protocol)2 922 1 1311 1440 t
10 R f
( 959, 1985.)2 466(. RFC)1 281 2 2241 1440 t
( Fedor, M., Schoffstall, J., and Davin, J.)7 1722( J.,)1 131(37. Case,)1 377 3 720 1620 t
10 I f
(A Simple Network Management Protocol)4 1715 1 3026 1620 t
10 R f
(. RFC)1 291 1 4749 1620 t
(1067, 1988.)1 483 1 878 1740 t
( Rose, M.)2 415( K. and)2 315(38. McCloghrie,)1 666 3 720 1920 t
10 I f
(Management Information Base for Network Management of TCP/IP-)7 2853 1 2187 1920 t
(based Internets)1 621 1 878 2040 t
10 R f
( 1988.)1 291( 1066.)1 258(. RFC)1 281 3 1507 2040 t
( Mogul, J.; Theimer, M.)4 1017( R.; Mann, T.;)3 612(39. Finlayson,)1 578 3 720 2220 t
10 I f
(Reverse Address Resolution Protocol)3 1532 1 2999 2220 t
10 R f
( 903,)1 214(. RFC)1 287 2 4539 2220 t
(1984.)878 2340 w
(40. Sollins, K.R.)2 684 1 720 2520 t
10 I f
(The TFTP Protocol \(Revision 2\))4 1326 1 1470 2520 t
10 R f
( 783, 1981.)2 466(. RFC)1 281 2 2804 2520 t
(41. Croft, W.J.; Gilmore, J.)4 1126 1 720 2700 t
10 I f
(Bootstrap Protocol)1 778 1 1912 2700 t
10 R f
( 951, 1985.)2 466(. RFC)1 281 2 2698 2700 t
(42. Plummer, D.C.)2 772 1 720 2880 t
10 I f
(An Ethernet Address Resolution Protocol)4 1687 1 1558 2880 t
10 R f
( 826, 1982.)2 466(. RFC)1 281 2 3253 2880 t
( Directions in Cryptography.'')3 1350( ``New)1 357( M.E.)1 270( W. and Hellman,)3 845(43. Dif\256e,)1 416 5 720 3060 t
10 I f
(IEEE Transactions on)2 979 1 4061 3060 t
(Information Theory)1 794 1 878 3180 t
10 R f
(, vol. IT-22, no. 6, pp. 644-654.)6 1311 1 1680 3180 t
( Mechanisms in High-Level Network Protocols''.)5 2096( ``Security)1 479( V.L. and Kent, S.T.)4 905(44. Voydock,)1 549 4 720 3360 t
10 I f
(ACM)4829 3360 w
(Computer Surveys)1 743 1 878 3480 t
10 R f
(, vol. 15, no. 2, pp. 135-171, June 1983.)8 1658 1 1629 3480 t
( D.W. and Price, W.L.)4 935(45. Davies,)1 460 2 720 3660 t
10 I f
( Networks: An Introduction to Data Security in)7 1943(Security for Computer)2 914 2 2183 3660 t
(Teleprocessing and Electronic Funds Transfer.)4 1923 1 878 3780 t
10 R f
(Wiley. 1984.)1 560 1 2867 3780 t
(46. Defense Communications Agency.)3 1569 1 720 3960 t
10 I f
(Defense Data Network Subscriber Security Guide)5 2029 1 2355 3960 t
10 R f
(. 1983.)1 316 1 4392 3960 t
( in)1 129( Front End Interface Control Document'',)5 1794(47. ``Blacker)1 534 3 720 4140 t
10 I f
(DDN Protocol Handbook)2 1079 1 3228 4140 t
10 R f
( Network)1 400(. DDN)1 325 2 4315 4140 t
(Information Center, SRI International, vol. 1, 1985.)6 2110 1 878 4260 t
( Computer Security Center.)3 1159(48. DoD)1 352 2 720 4440 t
10 I f
( Evaluation Criteria)2 850(DoD Trusted Computer System)3 1312 2 2309 4440 t
10 R f
(, 1983, CSC-)2 561 1 4479 4440 t
(STD-001-83.)878 4560 w
( Center.)1 325(49. National Computer Security)3 1301 2 720 4740 t
10 I f
(Trusted Network Interpretation of the Trusted Computer System)7 2627 1 2413 4740 t
(Evaluation Criteria)1 795 1 878 4860 t
10 R f
( Version 1, July 31, 1987.)5 1073(. NCSC-TG-005,)1 727 2 1681 4860 t
(50. St. Johns, M.)3 700 1 720 5040 t
10 I f
(Draft Revised IP Security Option)4 1358 1 1486 5040 t
10 R f
( 1038, 1988.)2 516(. RFC)1 281 2 2852 5040 t
( Computer Security Center.)3 1150(51. DoD)1 352 2 720 5220 t
10 I f
( Behind CSC-STD-003-85: Computer Security)4 1918(Technical Rationale)1 825 2 2297 5220 t
(Requirements)878 5340 w
10 R f
(, CSC-STD-004-83, 1983.)2 1069 1 1435 5340 t
( Sun Environment''.)2 843( Networking in the)3 785( ``Secure)1 406( B. and Goldberg, D.)4 879(52. Taylor,)1 449 5 720 5520 t
10 I f
(Proceedings, Summer)1 888 1 4152 5520 t
(USENIX)878 5640 w
10 R f
(, 1986, Atlanta, Georgia.)3 1014 1 1230 5640 t
( D.L.)1 239(53. Mills,)1 395 2 720 5820 t
10 I f
( Implementation)1 684(Network Time Protocol \(Version 1\) Speci\256cation and)6 2318 2 1443 5820 t
10 R f
( 1059,)1 282(. RFC)1 305 2 4453 5820 t
(1988.)878 5940 w
( list message)2 527( Mailing)1 383(54. Mills, D.L.)2 611 3 720 6120 t
10 S1 f
(<)2274 6120 w
10 R f
(8901192354.aa03743)2330 6120 w
10 S1 f
(@)3193 6120 w
10 R f
(Huey.UDEL.EDU)3285 6120 w
10 S1 f
(>)4022 6120 w
10 R f
(, January 19, 1989.)3 784 1 4078 6120 t
cleartomark
showpage
restore
%%EndPage: 17 17
%%Trailer
done
%%Pages: 17