[LACNIC/Seguridad] New revision of our IETF I-D on Port Randomization

Fernando Gont fernando at gont.com.ar
Sun Aug 31 10:29:14 BRT 2008


Hello everyone,

We have just published a revision of our IETF Internet-Draft on
"Port Randomization". It is available in the IETF repository, and at:
http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
(you can also find the same document in HTML and PDF format at:
http://www.gont.com.ar/drafts/port-randomization/index.html)

This new revision attempts to address the comments we received from
Amit Klein, Matthias Bethke, and Alfred Hoenes.

The "Abstract" of the document is:
---- cut here ----
    Recently, awareness has been raised about a number of "blind" attacks
    that can be performed against the Transmission Control Protocol (TCP)
    and similar protocols.  The consequences of these attacks range from
    throughput-reduction to broken connections or data corruption.  These
    attacks rely on the attacker's ability to guess or know the five-
    tuple (Protocol, Source Address, Destination Address, Source Port,
    Destination Port) that identifies the transport protocol instance to
    be attacked.  This document describes a number of simple and
    efficient methods for the random selection of the client port number,
    such that the possibility of an attacker guessing the exact value is
    reduced.  While this is not a replacement for cryptographic methods,
    the described port number randomization algorithms provide improved
    security/obfuscation with very little effort and without any key
    management overhead.  The algorithms described in this document are
    local policies that may be incrementally deployed, and that do not
    violate the specifications of any of the transport protocols that may
    benefit from them, such as TCP, UDP, UDP-lite, SCTP, DCCP, and RTP.
---- cut here ----

Any comments are welcome.

Thanks!

Kind regards,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1






