Recent analysis of potential attacks on core Internet infrastructure
indicates an increased vulnerability of TCP connections to spurious
resets (RSTs), sent with forged IP source addresses (spoofing). TCP
has always been susceptible to such RST spoofing attacks, which were
indirectly protected by checking that the RST sequence number was
inside the current receive window, as well as via the obfuscation of
TCP endpoint and port numbers. For pairs of well-known endpoints
often over predictable port pairs, such as BGP or between web servers
and well-known large-scale caches, increases in the path
bandwidth-delay product of a connection have sufficiently increased
the receive window space that off-path third parties can brute-force
generate a viable RST sequence number. The susceptibility to attack
increases with the square of the bandwidth, and thus presents a
significant vulnerability for recent high-speed networks. This
document addresses this vulnerability, discussing proposed solutions
at the transport level and their inherent challenges, as well as
existing network level solutions and the feasibility of their
deployment. This document focuses on vulnerabilities due to spoofed
TCP segments, and includes a discussion of related ICMP spoofing
attacks on TCP connections. This memo provides information for the Internet community.
