Security problems of TCP
This outdated page addresses some problems of
unencrypted tcp connections, which
-  can be spoofed (source code of an ip spoofer):
 Where spoofing is the term for establishing a connection with a forged
sender address; this normaly involves exploiting trust relations between
the source and the destination address
-  Morris' paper about IP spoofing.
-  Phrack 48 Text explains the problem
in easy words
-  ipspoof.1 - the altogether spoofing package
Facts about some operating systems:
-  SunOS 5.5.1 isn't vulnerable against sequence number guessing though still
comes with source routing on as default.
-  HP/UX 9.04 AIX 4.1.4 are vulnerable against sequence number guessing and come with
source routing enabled as default, though a bug in the rshd daemon renders
lsrr on AIX useless.
-  UCX 3.3 on OpenVMS is vulnerable against sequence number guessing and comes
with source routing enabled as default.
-  Linux 2.0.24 of isn't affected by both kinds.
 
 
 
-  can be highjacked:
 The control of a connection will be taken by the attacker after the user authenication has been done (.i.e. one-time-passwords ). Possibly via icmp redirect or RIP.
 
-  can be manipulated (source code of such a beast):
 The attacker can insert arbitrary streams of data 
without the user noticing it
-  Joncheray's paper about a simple active attack against TCP
-  Sample log of a manipulated connection as seen from the
client site. In fact the client can't determine that his connection was taken
control of.
 
The easiest solution to avoid attacks like that would be to disable source
routing on your hosts, don't pass source routed packets through your own
routers, install checks that no packets will be routed from the outside with
an inside source address. But that still wont help against all kinds of
possible attacks. The free 
OpenSSH
is the ideal anwser against most of those threats. 
SSH
will 
encrypt your 
connections
 and even forward X Windows.
 TCP/IP Protocol Related Texts 
When you read all those texts, you get a fairly good impression what
the problems concerning TCP/IP are and what can be done to avoid
security holes.
Cryptography
Computer Security Related Links
(c) 1995 - 1997 provos@umich.edu
(
PGP Public Key)
[Back]