
Paper Review On A Look Back at Security Problems in the TCP/IP Protocol Suite
Motivation: The author was very much excited about the reviews that were posted and the bulk of mail
he receives from people around the globe about the paper, which he published long ago. He further
describes the way in which he used networks in the early stages of network development, and he puts
emphasis on the trajectory of network protocol design.
Problem Statement: Nothing in this world is near perfect. Protocols such as TCP/IP, and the other protocols
that govern the whole Internet, are good up to a point, but there are some holes in them that might be
exploited; for example, ICMP has the ICMP Redirect message to control gateways. Here he specifically
describes the problems faced by the TCP/IP protocols after the final draft of the suite.
Methodology: The author used his old paper as a reference for the new one. He discusses (potentially)
exploitable flaws in each protocol and, where possible, defenses against them. In April 1989 (when this
paper was published) there were between 80k and 130k hosts on the Internet. There were 162 million as of
07/2002. In November 1988, the Morris worm infected 10% of the Internet (some 6000 hosts),
causing an estimated $98 million in damage.
Critical Review Of The Claim: The paper covers where the author's focus and predictions were accurate,
where the author was wrong, and where the dangers have yet to happen. It is a general review of security
problems in the TCP/IP protocol suite. For sequence numbers, the suggested remedies are to improve the
relatively coarse rate of change of the initial sequence number variable and its granularity, to randomize
the increment, and to use a cryptographic algorithm. The instability of the Internet also plays a role.
The author reviewed some protocols that can be susceptible to abuse, although they are not inherently
flawed, including:

The Finger service.
Electronic mail.
The Domain Name System (DNS).
The File Transfer Protocol (FTP).

Sequence number attacks are a common problem. If a protocol depends on sequence numbers, and
most of them do, then according to him it is vital that they be chosen unpredictably. It is worth
considerable effort to ensure that these numbers are not knowable even to other users on the same
system. A finger server, for example, would be much safer if it only supplied information about a known
user, rather than supplying information about everyone logged on.
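
The initial sequence number remedies listed above (finer granularity and a cryptographic algorithm), as an added example that is not code from Bellovin's paper or from this review. It contrasts a coarse global counter with an ISN of the form M + F(connection 4-tuple, secret), the construction described in RFC 6528. The step constants, the choice of HMAC-SHA256 for F, the addresses and the secret are assumptions made for illustration.

```python
"""Added example: coarse counter-based ISNs vs. a keyed-hash ISN per connection."""
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF
PER_SECOND, PER_CONNECTION = 128, 64  # assumed steps for a coarse legacy counter


def legacy_isn(base, seconds, connections):
    """Global counter: fixed step per second, half that step per new connection."""
    return (base + PER_SECOND * seconds + PER_CONNECTION * connections) & MASK32


def keyed_isn(secret, src_ip, src_port, dst_ip, dst_port, clock_us):
    """ISN = M + F(4-tuple, secret); M ticks every 4 microseconds."""
    four_tuple = (socket.inet_aton(src_ip) + struct.pack("!H", src_port)
                  + socket.inet_aton(dst_ip) + struct.pack("!H", dst_port))
    # F is HMAC-SHA256 truncated to 32 bits (this example's choice, an assumption).
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big")
    return (clock_us // 4 + offset) & MASK32


def gap(a, b):
    """Distance from ISN a to ISN b in 32-bit sequence space."""
    return (b - a) & MASK32


def compare(secret=b"constructed-demo-secret"):
    """ISN gap seen across two peers under each scheme (constructed inputs).

    A real host would draw the secret from os.urandom at boot.
    """
    # Legacy: two connections in the same second differ by a fixed, known step.
    legacy = gap(legacy_isn(1000, 5, 0), legacy_isn(1000, 5, 1))
    # Keyed: same instant and server, two different client tuples.
    a = keyed_isn(secret, "192.0.2.10", 40000, "198.51.100.1", 80, 8_000_000)
    b = keyed_isn(secret, "192.0.2.20", 40000, "198.51.100.1", 80, 8_000_000)
    # Same tuple 8 microseconds later still advances with the clock.
    later = keyed_isn(secret, "192.0.2.10", 40000, "198.51.100.1", 80, 8_000_008)
    return {"legacy_gap": legacy, "keyed_gap": gap(a, b),
            "same_tuple_gap": gap(a, later)}


if __name__ == "__main__":
    print(compare())
```

With the legacy counter, the ISN handed to one peer fixes the ISN the next peer receives; with the keyed form, each 4-tuple has its own offset that depends on the secret, while sequence numbers for any single connection still increase monotonically with the clock.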
Conclusion: Two technical points are worth noting. First, routing attacks could be mitigated by
maintenance of separate routing tables (by multi-level secure routers). Second, what forms of
authentication are acceptable would depend on detailed knowledge of what sorts of hosts were
connected to what sorts of network. He further emphasizes two points that should be considered: hosts
should not give away knowledge gratuitously, and network control mechanisms are dangerous and must
be guarded.
References: Steven M. Bellovin, AT&T Labs Research, A Look Back at "Security Problems in the TCP/IP
Protocol Suite".
VIVEK SHARMA

Vivek@doyl.in

HTTP://DOYL.IN
