Static analysis of programs with application to malicious core detection
Static analysis of programs with application to malicious core detection
TCP/IP illustrated (vol. 2): the implementation
TCP/IP illustrated (vol. 2): the implementation
Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
A high-performance network intrusion detection system
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Journal of Computer Security
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Theory propagation and rational-trees
Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
Hi-index | 0.00 |
The Transmission Control Protocol Internet Protocol (TCP/IP) [1] suite is widely used to interconnect computing facilities in modern network environments. However, there exist several security vulnerabilities in the TCP specification and additional weaknesses in a number of its implementations. These vulnerabilities may enable an intruder to "attack" TCP-based systems, allowing him/her to "hijack" a TCP connection or cause denial of service to legitimate users. We analyze TCP code via a "reverse engineering" technique called "slicing" to identify several of these vulnerabilities, especially those that are related to the TCP state-transition diagram. We discuss many of the paws present in the TCP implementation of many widely used operating systems, such as SUNOS 4.1.3, SVR4, and ULTRIX 4.3. We describe the corresponding TCP attack "signatures"(including the well-known 1994 Christmas Day Mitnick Attack) and provide recommendations to improve the security state of a TCP-based system, e.g., incorporation of a "timer escape route" from every TCP state.