[Paper Review] A Look Back at “Security Problems in the TCP/IP Protocol Suite”

Title A Look Back at “Security Problems in the TCP/IP Protocol Suite” [Link]
Author Steven M. Bellovin Email bellovin@acm.org
Publishing 20th Annual Computer Security Application Conference “classic paper” (ACSAC)AT&T Labs – Research Year 2004
Abstract About fifteen years ago, I wrote a paper on security problems in the TCP/IP protocol suite, In particular, I focused on protocol-level issues, rather than implementation flaws. It is instructive to look back at that paper, to see where my focus and my predictions were accurate, where I was wrong, and where dangers have yet to happen. This is a reprint of the original paper, with added commentary.
Summary  Security issues & Defenses

Issues Sub Problems/Possible Attacks Defenses/Countermeasures
TCP Sequence
Number Prediction
1. Makes “r” possibly execute malicious commands2. Generates queue overflows so that trusted client lost messages (DoS)3. Further session hijacking attack 1. A cryptographic hash function to create a separate sequence number space for each  “connection”, a connection being defined per RFC791 as the unique 4-tuple <localhost, localport, remotehost, remoteport>.2. Random ISN generation à negative effects on the correctness of TCP in the presence of duplicate packets, the sum of a sequence

of random increments will have a normal distribution, which implies that the actual range

of the ISNs is quite small with Central limit theorem (CERT CA-2001-09)

Routing Issues Source
1. Addr-based authentication 1. Configure routers to reject external packets2. Use firewall,3. Reject src-routed packets at border routers
RIP Attack 1. No authentication allows an intruder to send bogus routing info, whose entries are visible widely2. AS 7007 attack3. Spammers hijack route, inject spam, and then withdraw the route. 1. Filter out packets with bogus source. (Network ingress filtering)
EGP 1. Impersonates a second E/G for AS2. Claims reachability for some network where the real GW is down. 1. Reasonably secure due to restricted topologies, but now BGP
ICMP 1. ARP Spoofing 1. Includes plausible sequence number2. ICMP redirect disabled
“Authentication” Server 1. Do not use it
Applications Finger 1. Displaying useful info. about users 1. Firewall blocks the finger protocol
Email(POP) 1. Use encryption mode – SSL
DNS 1. DNS Sequence number attack2. Intercepts virtually all requests to translate names to IP addresses, and supply the address of a subverted  machine instead3. DNS Zone transfer (AXFR): no authentication on the request 1. DNSSec provides digitally signed resource records
FTP 1. FTP authentication in plaintext2. Anonymous FTP – bounce attack 1. Cryptographic protection for FTP
SNMP 1. No authentication reveals MIB 1. Use community string (simple plaintext pass)2. SNMPv3 defines user-based security model which provides cryptographic authentication
Remote Booting 1. RARP with TFTP2. BOOTP with TFTP3. Impersonate the server and send false DATA packets 1. 4 byte random transaction id2. DHCP
Trivial Attacks 1. LAN vulnerable to eavesdropping (ARP poisoning, smurf attack)2. TFTP with no authentication3. Reserved Ports

Comprehensive Defenses: Authentication, Encryption, Trusted Systems

Note This paper covers a general idea of overall security problems in TCP/IP suite. It also provides a lot of references to see countermeasures of certain issues at a glance.This paper is based on what the author wrote original paper back in 1989. It reviews different types of protocol flaws itself and possible attacks from TCP sequence guessing, routing protocol issues to application layer protocols such as finger, POP3, SNMP, DNS, and FTP. Also he corrected wrong descriptions in previous paper if any as well as defense techniques and their limitations against such attacks.


 (a) BEAST (Browser Exploit Against SSL/TLS)

  •  By Juliano Rizzo and Thai Duong, 2011 @ ekoparty Security Conference in Buenos Aires, Argentina
  •  Decrypts secure cookies against CBC mode (i.e AES or 3DES) in TLSv1

Demo and description: http://vnhacker.blogspot.com/2011/09/beast.html
Paper: http://packetstormsecurity.com/files/download/105499/Beast-SSL.rar/
Proof of Concept with javascript: http://erlend.oftedal.no/blog/beast/

(b) CRIME (Compression Ratio Info-leak Made Easy)

  • By Juliano Rizzo and Thai Duong, 2012 @ ekoparty Security Conference in Buenos Aires, Argentina
  • leverages compression side-channel, recovers the HTTP request headers
  • Injects partial chosen plaintext (CPA) into a victim’s requests + measures the size of encrypted traffic
  • HTTP-level compression: gzip (RFC 1952), defalte (RFC 1951)
  • Mitigated by disabling TLS/SPDY compression

1. Wiki: http://en.wikipedia.org/wiki/CRIME_(security_exploit)
2. Tor and BEAST: https://blog.torproject.org/blog/tor-and-beast-ssl-attack
3. Schneier’s Article: https://www.schneier.com/blog/archives/2011/09/man-in-the-midd_4.html
4. Generic attacks with compression: http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf

(c) BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext)

  • By Angelo Prado, Neal Harris, and Yoel Gluck, 2013 @ Blackhat 2013
  • CVE-2013-3587
  • leverages compression, takes advantage of HTTP responses
  • Mitigated by:Disabling HTTP compression
    – Separating secrets from user input
    – Randomizing secrets per request
    – Masking secrets (effectively randomizing by XORing with a random secret per request)
    – Protecting vulnerable pages with CSRF
    – Length hiding (by adding random number of bytes to the responses)
    – Rate-limiting the requests


1. Wiki: http://en.wikipedia.org/wiki/BREACH_(security_exploit)
2. Paper: http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf
3. PPT: http://breachattack.com/resources/BREACH%20-%20BH%202013%20-%20PRESENTATION.pdf
4. Source Code: https://github.com/nealharris/BREACH

BGP Security

You can download the slide: BGP Security
(This has been done as a part of homework in CSE508 in SBU CS.)

There are two different kinds of routing protocols: one is for interior purpose – IGP (Interior Gateway Protocol) and the other is for exterior purpose – EGP (Exterior Gateway Protocol). A good example of IGP would be RIP(Routing Information Protocol), OSPF (Open Shortest Path First) which is the most widely used, and EIGRP (Enhanced Interior Gateway Routing Protocol) which is proprietary by Cisco. In EGP, BGP (Border Gateway Protocol) is now de facto standard adapted by the Internet.

First we need to define a couple of terminologies.

1. AS (Autonomous System): A set of computers and routers under a single administration
2. RIB (Routing Information Base): BGP routing entries (Adj-RIB-In, Loc-RIB, and Adj-RIB-Out)
3. BGP Attribute: Types to decide path vector algorithm
(Origin=1, AS_Path=2, Next_Hop=3, MED=4, Local_Pref=5, Atomic_Aggregate=6, Aggregator=7)

As of Feb. 2014, there are more than 500,000 BGP routing tables available. (Check http://bgp.potaroo.net/bgprpts/rva-index.html) You may also want to know current AS summary. (Check http://cidr-report.org/as2.0/) Each BGP speaker uses RIBs and BGP attributes and installs NLRI (or best path) according to the following mechanism. (If the preference ties, then it considers next attribute in order.)

Highest weight →Highest LOCAL-PREF → Originated Source → Shortest AS-PATH → Lowest Origin (IBGP < EBGP < incomplete) → Lowest MED → EBGP over IBGP → Lowest IGP Metric → Lowest Route ID → Lowest Originator ID

The following figure illustrates 4 main BGP messages: OPEN, KEEP-ALIVE, UPDATE, and NOTIFICATION. The communication among BGP speakers maintains unicast over 179/tcp.


Now, let’s briefly take a look at BGP vulnerabilities from two perspectives. By running over TCP, listening on port 179, BGP is subject to be vulnerable through all kinds of TCP attacks: IP Spoofing, TCP RST,  TCP RST using ICMP, Session Hijacking, and various denial of service attacks including SYN flooding and so forth. These lead target router to drop the BGP session and both peers withdraw routes, causing disruption of network connection. An attacker takes advantage of eavesdropping, blackholing, and/or traffic analysis by changing routes as well.


On top of that, with respect to BGP attacks, fundamental vulnerabilities arise from no mechanism which has specified within BGP in order to (a) validate the authority of an AS and (b) to ensure the authenticity of the path attribute by an AS. This allows an adversary to route manipulation such as message relaying, insertion, deletion, and modification as well as route hijacking. BGP-oriented attacks include:

(1) Route Flapping: repetitive changes rapidly cause the BGP routing table to be withdrawn and then re-advertised
(2) Route Deaggregation: announcing more specific route UPDATE causes a huge number of updates, which makes router crash and shut down
(3) (Unallocated) Route Injection: sending out incorrect routing information or transmitting routes to “bogon” prefixes


Lastly, here are BGP attack countermeasures to mitigate corresponding threats above.

1. Use authentication mechanism

  • Use access control list.
  • Use BGP peer authentication: MD5(Routing Advertisement + Shared Key), IPSecif available
  • Configure BGP to allow announcing only designated netblocks
  • Disable BGP version negotiation to provide faster startup
  • Announce only preconfigured list of networks

2. Configure route manipulation protection

  • Use BGP graceful restart
  • Use max prefix limits to avoid filling router tables
  • Filter all bogonprefixes with ingress/egress filtering
  • Do not allow over-specific prefixes
  • Turn off fast external failover, called route flap damping
  • Record peer changes

3. Use secure protocol

  • Only allow peers to connect to port 179 in TCP
  • Randomize sequence number (against spoofing and session hijacking)
  • Consider deploying S-BGP or BGPSec


RFC 4271 -A Border Gateway Protocol 4 (BGP-4), which obsoletes RFC 1771, 1772
RFC 4272 -BGP Security Vulnerabilities Analysis
RFC 2439 –BGP Route Flap Damping