Edina's Page


TCP/IP Security Problems

TCP/IP is the backbone of the internet and is very widely used today. It was developed under the Department of Defense for a small trusted network connecting small communities. Over the years, that small network developed into a huge global network connecting all kinds of people. The growth of the internet has created many problems with security, and the protocols lack even the most basic security mechanisms such as authentication and encryption. Those vulnerabilities and security flaws are used by crackers for Denial of Service attacks, connection hijacking and other attacks. The major TCP/IP security problems are: TCP SYN attacks, IP Spoofing, Routing attacks, ICMP attacks, DNS attacks and the lack of unique identifiers.

TCP SYN attacks target the connection setup. TCP uses sequence numbers to ensure that the user is getting the data in the correct order. The sequence numbers are established during the opening phase of a TCP connection, in the three-way handshake. SYN attacks take advantage of a flaw in how most hosts implement this three-way handshake. When host B receives a SYN request from host A, it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds, and a host can only keep track of a very limited number of such connections. A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host but never replying to the SYN&ACK the other host sends back. This causes the connection queues to fill up and denies service to legitimate TCP users.

IP Spoofing is an attack used to gain access to computers. The intruder sends messages to a computer with a source IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find the IP address of a trusted host and then modify the packet headers so that the packets appear to be coming from that host.

Routing attacks take advantage of the Routing Information Protocol (RIP). RIP is an essential component in a TCP/IP network; it is used to distribute routing information within the network. RIP has no built-in authentication, and the information in a RIP packet is used without verifying it. A RIP attack changes where the data goes to.

ICMP is used by the IP layer to send one-way informational messages to a host, such as ping messages. ICMP has no authentication, and ICMP attacks can result in a denial of service or allow the attacker to intercept packets. Denial of service attacks primarily use "Time exceeded" or "Destination unreachable" messages, which can cause a host to immediately drop a connection. ICMP messages can also be used to intercept packets by using the "Redirect" message, which is normally sent by gateways when a host has mistakenly assumed the destination is not on the local network.

DNS is used to map hostnames to IP addresses. An attacker abuses the reverse mapping of IP address to hostname to fool name-based authentication. It can be prevented by performing a second DNS query on the hostname returned by the first query and checking that it resolves back to the original IP address.
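The double-lookup check described above, as an added example that is not part of Edina's page: a naive name-based check trusts whatever hostname the reverse (PTR) lookup returns, while the confirmed check also resolves that hostname forward and requires the original address to be among the answers. The lookup tables and addresses are constructed for the demonstration; the `real_reverse` and `real_forward` helpers show how the same check would be pointed at the system resolver.

```python
import socket
from typing import Callable, List, Optional, Set

# Constructed stand-in for DNS answers (not real records).
# 192.0.2.66 is an attacker-controlled address whose PTR record claims to
# be the trusted host, but the trusted host's forward record does not list it.
FAKE_REVERSE = {
    "192.0.2.10": "trusted.example.org",
    "192.0.2.66": "trusted.example.org",
}
FAKE_FORWARD = {
    "trusted.example.org": ["192.0.2.10"],
}

def fake_reverse(ip: str) -> Optional[str]:
    return FAKE_REVERSE.get(ip)

def fake_forward(host: str) -> List[str]:
    return FAKE_FORWARD.get(host, [])

def real_reverse(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def real_forward(host: str) -> List[str]:
    """A-record lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except socket.gaierror:
        return []

def naive_trusted(ip: str, trusted: Set[str],
                  reverse: Callable[[str], Optional[str]] = fake_reverse) -> bool:
    """Vulnerable: believes the PTR name without verifying it."""
    host = reverse(ip)
    return host is not None and host in trusted

def confirmed_trusted(ip: str, trusted: Set[str],
                      reverse: Callable[[str], Optional[str]] = fake_reverse,
                      forward: Callable[[str], List[str]] = fake_forward) -> bool:
    """Forward-confirmed: the PTR name must resolve back to the same address."""
    host = reverse(ip)
    if host is None or host not in trusted:
        return False
    return ip in forward(host)
```

Pass `reverse=real_reverse, forward=real_forward` to run the confirmed check against live DNS.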

Lack of unique identifiers refers to any security scheme that relies upon IP addresses remaining temporally or spatially unique. Such schemes may be vulnerable because of the widespread use of network address translation and dynamic IP address techniques.

The widespread use of protocols such as PPP/SLIP and DHCP allows a specific host's address to change over time: per connection in the case of PPP/SLIP, while DHCP allows hosts to "lease" IP addresses for arbitrary lengths of time. On even larger time scales, details of the current Internet routing structure may require that if a domain changes service providers, it will have to change its assigned range of IP addresses. Network Address Translators also undermine the use of IP addresses as identifiers, because they translate addresses as traffic moves between the internal and external networks. Different hosts may appear to be using identical IP addresses, or different IP addresses may belong to the same host. Thus, IP addresses can no longer be used to uniquely identify a host, even over short time periods.

There are many tools available to minimize or prevent these security problems, and a lot of effort has already been put into minimizing them. IPv6 has built in some security options and features.

Hosted by www.Geocities.ws
