TCP IP Header Attack Vectors and Countermeasures

Abstract

The TCP IP header has security vulnerabilities that make it prone to numerous kinds of attacks such as TCP SYN flooding, TCP RST, source quench, TCP session hijacking, TCP sequence number prediction, port scanning, CHARGEN and ECHO. The purpose of this paper was to investigate the attack vectors for various TCP IP header attacks and suggest possible countermeasures to curb these attacks. The goals were to gain an understanding on what makes the TCP IP header architecture vulnerable, so that appropriate countermeasures to address these shortcomings could be instigated; based on their performance in terms of their efficiency in curbing the various attack vectors exploiting these vulnerabilities. To achieve this, a combined experimental - simulation approach was employed using Wireshark network analyzer, Nmap, Ettercap, Aireplay-ng and Airodump-ng from Aircrack-ng suite software. A sample network utilizing the transmission control protocol was designed and some packets transmitted over it. The packet traffic volume, sequence numbers, acknowledgement numbers, associated protocols, TCP handshake and packets in flight were then studied. The results obtained indicate that the TCP IP header is indeed susceptible, most probably because the initial intent of the TCP was to share information and security was not a major concern at that time. However, as the internet is now open to the general public and not restricted to the department of defense where it was initially meant to serve, there is need to develop novel algorithms that could help mitigate the weaknesses inherent in the TCP architecture. This study is of help to network designers and administrators as it aids them to identify how to structure their networks for in-depth security by adding another layer of security at the TCP IP header level to support the network-based controls such as next generation firewalls.