Kanmai 2020

The document summarizes TCP/IP protocols and discusses some of their common security problems and defenses. It outlines the TCP/IP architecture and categories of transport ports. It then analyzes major security issues like SYN attacks and discusses methods of defending against SYN attacks.


2020 International Conference on Intelligent Computing and Human-Computer Interaction (ICHCI)

TCP/IP Protocol Security Problems and Defenses


978-1-6654-2316-8/20/$31.00 ©2020 IEEE | DOI: 10.1109/ICHCI51889.2020.00033

Zhi Kanmai
School of Engineering and Technology,
Xi'an Fanyi University,
Xi'an 710105, Shaanxi, China

Abstract—With an introduction to the uses of and an all-round elaboration of the security issues of TCP/IP Protocols, this paper provides a theoretical analysis of the major security problems in the TCP/IP Protocol. The TCP/IP Protocol, mainly designed for scientific research, gave little consideration to security problems in its design. The TCP/IP Protocol, which is widely applied in practice today, has become the standard for network communication protocols. This paper wishes to offer some reference for building a secure information network environment in the future.

Keywords: TCP/IP; security protocol; SYN attack; network communication protocol; method of defending against SYN

I. SUMMARY OF TCP/IP

A. TCP/IP architecture

Figure 1. TCP/IP layers

As shown in the above figure, TCP/IP is mainly divided into 4 layers, which are Application, Transport, Network, and Network Ports from the top to the bottom. The relationship among the layers is shown in the figure below:

Layer                             | Functions                                                        | Protocol
Links (data links, network ports) | Process and cables (physical ports of any other transport media) | ARP (Address Resolution Protocol), RARP
Network                           | Process activities in the packet, such as packet selection       | IP, ICMP, IGMP
Transport                         | Provide end-to-end communication for the application programs on the two hosts | TCP, UDP
Application                       | For different application programs                               | Telnet, FTP, SMTP, SNMP

Figure 2. TCP/IP relationship

B. Category of Transport Ports

1) Port No. at server end

a) Well Known Ports or system ports: from 0 to 1023. They are bound to particular services. Generally, communication on those ports indicates a certain service protocol. For instance, Port 80 stands for HTTP communications, assigned to WWW, and Port 20 is assigned to the FTP service, etc.

b) Registered Ports: from 1024 to 49151. They are loosely linked with particular services. That is, some services are linked with those ports; however, those ports can serve other purposes as well. For instance, many system dynamic ports start from 1024.

2) Port No. at user end

c) Dynamic Ports: from 49152 to 65535. They are called dynamic ports because they are assigned to a particular service but allocated dynamically. Dynamic allocation means that when a system process or application program requires network communication, it applies for a port from the host, which allocates an available port to it. When the process closes, it releases the port number in use. In practice, the machine generally allocates dynamic ports from 1024. However, there are exceptions: the RPC port from SUN starts at 32768.

3) Well-known ports widely used

20—FTP (data)
21—FTP (control)
23—Telnet
25—SMTP
53—DNS
69—TFTP
80—HTTP
161—SNMP

C. Working principle of TCP

1) Connection process of TCP

TCP is a reliable, connection-oriented, full-duplex transport protocol. The establishment of a TCP connection is a three-way handshake process, as shown in the figure:

Supported by the Provincial First-class Disciplines Cultivation Project for E-commerce of Xi'an Fanyi University

Figure 3. Connection process of TCP

a) Host A (referred to as the user end) sends a data segment that identifies SYN, indicating that it expects to establish a connection with server A, with a as the sequence number (seq) of this data segment.

b) Server A replies with a data segment that identifies SYN+ACK. The sequence number (seq) of this data segment is b, and the confirmation sequence number is the sequence number of host A plus 1 (a+1). It confirms the SYN report to host A.

c) Host A sends a data segment that identifies ACK. The sequence number (seq) of this data segment is a+1. The confirmation sequence number is the sequence number of server A plus 1 (b+1). It confirms the SYN message of server A.

2) TCP closes the connection

TCP supports full-duplex mode to transmit data, which means that data can be transmitted in both directions concurrently. Before data is transmitted, TCP actually establishes a connection in both directions through the three-way handshake. Therefore, after the transmission is completed, the connection in both directions must be closed. The establishment of a TCP connection is a three-way handshake process, but the termination of a TCP connection is a four-way handshake, as shown in the figure:

• Host A intends to terminate the connection, so it sends a data segment labeled with FIN, ACK, sequence number a, and confirmation sequence number b.
• Server A responds with a data segment labeled with ACK, sequence number b, and confirmation sequence number a+1, confirming host A's FIN report.
• Server A intends to terminate the connection, so it sends a data segment labeled with FIN, ACK, sequence number b, and confirmation sequence number a+1.
• Host A responds with a data segment labeled with ACK, sequence number a+1, and confirmation sequence number b+1, confirming server A's FIN message.

II. TCP/IP PROTOCOL SECURITY PROBLEMS

The flaws inherent in the protocol may be one of the major factors that cause system loopholes under attack. A network protocol is the general rule for interconnection that needs to be universally complied with. The TCP/IP Protocol, applied as the mainstream protocol for the internet, overemphasized development and convenience in its initial design with little consideration of security. Therefore, many network protocols, with inherent security flaws, are vulnerable to attack. What is even worse, some security loopholes arising from protocol flaws will be directly used by hackers to attack the victim systems. This paper elaborates on the security problems inherent in the TCP/IP protocol and protocol daemons, pointing out the likely attacks against these flaws.

A. Safety issues of TCP Protocol

TCP establishes a connection through a three-way handshake. It involves the exchange of three packets of messages. The first is a SYN packet; the second is a SYN/ACK packet, indicating that it responds to the first SYN packet while continuing the handshake process; the third is just a response, shown as an ACK packet. If Party A is the client (active participant) and Party B is the recipient, the likely threat will probably include the following:

• A hacker may eavesdrop on Party B's SYN/ACK message.
• The hacker sends an RST packet to Party B, followed by a SYN that impersonates Party A to establish a new connection.

• Party B responds to the new connection with SYN/ACK.
• The hacker impersonates Party A once again to send ACK to Party B.

In this way, the hacker has successfully destroyed the connection. If he takes the opportunity to inject harmful data packets, it will cause more serious consequences. The data transmitted through the connection by the TCP Protocol is seen as segments whose sequence numbers are 32-bit integers. The initial sequence number (ISN) is generated at the TCP handshake. The generation mechanism is related to the protocol. The hacker can obtain the ISN of an earlier connection by sending a connection request to the target host. He can measure the round-trip time between the attacking host and the target host. Once the ISN and RTT of the last connection are known, it is easy to predict the ISN of the next connection. If the attacker pretends to be a trusted host to send a TCP connection to the target host and succeeds in predicting the TCP sequence number of the target host, he can spoof a harmful packet to be accepted by the target host.

OSI                                                  | TCP/IP        | Protocols
Application, Expression (Presentation), Dialogue (Session) | Application   | Telnet, FTP, SMTP, DNS, HTTP and other application protocols
Transport                                            | Transport     | TCP, UDP
Network                                              | Network       | IP, ARP, RARP, ICMP
Data links, Physical                                 | Network ports | Various network ports (Ethernet), physical network

Figure 6. TCP/IP Protocols

B. Security issues of IP protocol

• The IP protocol enables connectionless transmission of data between networks. The IP protocol sends IP data packets according to the destination address in the IP packet header. That is, when IP routes an IP packet, it does not check the source address provided in the IP packet header, deeming that the source address in the IP packet header is the IP address that sent the packet. In this way, many services that rely on IP source addresses for confirmation will have problems and will be infringed. One of the most serious infringements is to attack through IP spoofing.
• Take the firewall as an example: some network firewalls only authenticate IP packets from reliable sources. However, such a firewall does not verify whether the IP source address in the IP packets is the true address of the source host. The attacker can spoof a trusted IP source address to pass this firewall. Besides, some IP addresses are assigned as security permissions for network applications, so the attacker can easily acquire such permission by spoofing a trusted IP source address. In fact, any attacker can take advantage of such an opportunity to attack through a spoofed IP address without being detected.

III. DEFENSE OF TCP/IP PROTOCOL SECURITY ISSUES

A. Defense of TCP protocol security issues

It is rather hard to defend against SYN Flood attacks. However, measures can be taken from the following aspects for prevention:

• Set the corresponding kernel parameters of the system to force the system to reset timed-out SYN request connection packets. At the same time, the system can quickly process invalid SYN request packets by reducing the timeout constant and lengthening the waiting queue.

OSI                                                  | TCP/IP        | PDU
Application, Expression (Presentation), Dialogue (Session) | Application   | Message
Transport                                            | Transport     | Segment
Network                                              | Network       | Packet
Data links                                           | Network ports | Frame
Physical                                             | Network ports | Bit

Figure 7. Defense of TCP protocol

• Make adjustments to the routing of the network segment, which may include limiting the flow and number of SYN half-open packets.
• Do the necessary TCP interception at the front end of the router. Only data packets that complete the TCP three-way handshake process can enter the network segment, so as to defend against such attacks.

B. Defense of IP protocol security issues

• Abandon the address-based authentication strategy.
• Adopt packet filtering. If the network is connected through routing, then use the routing to filter the packets. Confirm that only the internal LAN is trusted. The server on the internal LAN should be cautious about any hosts outside the local LAN. Routing can filter all requests that wish to establish connections with the internal network.
• Use decoding. An easy way to defend against fake IP addresses is to request transmission and authentication with decoding. Decoding may be the most effective method among multiple approaches.

IV. CONVEY THANKS

In the daily busy teaching and management work, I finally completed this paper.

First of all, I would like to thank Mr. Zhang Chunhua, director of the experimental center of the College of Engineering and Technology of Xi'an Institute of Translation. During the period of writing the thesis, he has been a strong backing for the cutting-edge technology of the network. He encouraged me and helped me all the time, and enriched the

frontier knowledge of computer network technology with him, which made me learn a lot of knowledge.

Secondly, I would like to thank Miss Zhou Wanna for her rich mathematical knowledge and her great contribution to the completion of the TCP connection algorithm in computer network technology.

Once again, I would like to thank all the teachers who have helped me in the process of completing this thesis.

Host A wants to terminate the connection, so it sends a data segment marked with FIN and ACK, with sequence number a and confirmation sequence number b; server A responds with a data segment marked with ACK, with sequence number b and confirmation sequence number a+1, as confirmation of host A's FIN message; server A wants to terminate the connection, so it sends a data segment identifying FIN and ACK, with sequence number b and confirmation sequence number a+1; host A responds with a data segment marked with ACK, with sequence number a+1 and confirmation sequence number b+1, as confirmation of the FIN message of server A.
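The three-way handshake and four-way close of section I.C, replayed as an added example that is not part of the paper: each segment carries the seq and confirmation numbers the text gives, and check_exchange (a helper written for this example) rejects any segment whose confirmation number does not match the peer's SYN or FIN, which is the property that makes an unpredictable ISN (section II.A) matter. Host A is "A", server A is "S", and the ISNs used in the test are constructed values.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Segment:
    src: str                    # "A" = host A (client), "S" = server A
    dst: str
    flags: FrozenSet[str]
    seq: int
    ack: Optional[int] = None   # confirmation sequence number, if ACK is set

def seg(src: str, dst: str, flags: str, seq: int, ack: Optional[int] = None) -> Segment:
    return Segment(src, dst, frozenset(flags.split()), seq, ack)

def handshake(a: int, b: int) -> List[Segment]:
    """Three-way handshake with ISNs a (host A) and b (server A), section I.C 1)."""
    return [seg("A", "S", "SYN", a),
            seg("S", "A", "SYN ACK", b, a + 1),
            seg("A", "S", "ACK", a + 1, b + 1)]

def close(a: int, b: int) -> List[Segment]:
    """Four-way close from current sequence numbers a and b, section I.C 2)."""
    return [seg("A", "S", "FIN ACK", a, b),
            seg("S", "A", "ACK", b, a + 1),
            seg("S", "A", "FIN ACK", b, a + 1),
            seg("A", "S", "ACK", a + 1, b + 1)]

def connection(a: int, b: int) -> List[Segment]:
    """Whole lifetime with no payload: after the handshake each side sits at seq+1."""
    return handshake(a, b) + close(a + 1, b + 1)

def check_exchange(segments: List[Segment]) -> Tuple[bool, str]:
    """Verify that every SYN or FIN is confirmed by the peer with exactly seq+1.
    A segment whose confirmation number does not match is rejected; this is
    why the ISN must be unpredictable: a sender who cannot see or guess b
    cannot produce the b+1 that completes the handshake."""
    pending: Dict[str, int] = {}   # host -> seq of its SYN/FIN awaiting confirmation
    for s in segments:
        if "ACK" in s.flags and s.dst in pending:
            want = pending[s.dst] + 1
            if s.ack != want:
                return False, f"{s.src} sent ack {s.ack}, expected {want}"
            del pending[s.dst]
        if "SYN" in s.flags or "FIN" in s.flags:
            pending[s.src] = s.seq
    if pending:
        return False, f"unconfirmed SYN/FIN from {sorted(pending)}"
    return True, "ok"
```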
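A model of the section III.A measures, written here as an added example rather than code from the paper: a TCP interceptor in front of the protected segment answers SYNs itself, expires half-open entries after a short timeout, bounds the half-open queue (overall and per source), and forwards only clients that complete the handshake. SynInterceptor, replay and the event list are constructed for this example; the addresses are from the RFC 5737 documentation ranges.

```python
from collections import OrderedDict

class SynInterceptor:
    """Front-end TCP interception with the section III.A knobs: timeout, queue size, per-source cap."""
    def __init__(self, timeout=5.0, backlog=64, per_source=8):
        self.timeout, self.backlog, self.per_source = timeout, backlog, per_source
        self.half_open = OrderedDict()   # (src, sport) -> time the SYN arrived
        self.stats = {"forwarded": 0, "expired": 0, "refused": 0, "dropped": 0}

    def _expire(self, now):
        # Entries are kept in arrival order, so stop at the first fresh one.
        while self.half_open:
            t = next(iter(self.half_open.values()))
            if now - t < self.timeout:
                break
            self.half_open.popitem(last=False)
            self.stats["expired"] += 1

    def handle(self, now, src, sport, flags):
        """Decide what to do with one client segment; returns the action taken."""
        self._expire(now)
        key = (src, sport)
        if flags == "SYN":
            from_src = sum(1 for s, _ in self.half_open if s == src)
            if len(self.half_open) >= self.backlog or from_src >= self.per_source:
                self.stats["refused"] += 1
                return "refuse"             # queue full: the SYN is not queued
            self.half_open[key] = now
            self.half_open.move_to_end(key)
            return "synack"                 # answered here; the server is untouched
        if flags == "ACK" and key in self.half_open:
            del self.half_open[key]         # handshake completed: admit the client
            self.stats["forwarded"] += 1
            return "forward"
        self.stats["dropped"] += 1
        return "drop"

# Constructed traffic: a flooding source sends 20 SYNs it never completes; a legitimate client completes two handshakes.
FLOOD_SRC, GOOD_SRC = "203.0.113.7", "198.51.100.5"
EVENTS = sorted(
    [(i * 0.05, FLOOD_SRC, 40000 + i, "SYN") for i in range(20)]
    + [(0.2, GOOD_SRC, 51000, "SYN"), (0.4, GOOD_SRC, 51000, "ACK"),
       (9.0, GOOD_SRC, 51001, "SYN"), (9.1, GOOD_SRC, 51001, "ACK")],
    key=lambda e: e[0])

def replay(events=EVENTS, **kw):
    """Run events through a fresh interceptor; returns (stats, decisions)."""
    icpt = SynInterceptor(**kw)
    decisions = [icpt.handle(*e) for e in events]
    return icpt.stats, decisions
```

With the defaults, the flooder gets eight half-open entries and is refused afterwards, those entries expire before the legitimate client's second connection, and only the two completed handshakes are forwarded.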
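The packet filtering of section III.B, as an added example that is not the paper's code: a border router trusts only the internal LAN, drops external packets that claim an internal source, refuses connection attempts from outside except to an explicitly exposed service, and drops outbound packets whose source is not internal. The prefixes, the exposed service and the sample packets are constructed for the example.

```python
import ipaddress

# Constructed topology for the example: one internal prefix and one host that
# is deliberately exposed to the outside (RFC 1918 and RFC 5737 addresses).
INTERNAL = [ipaddress.ip_network("10.10.0.0/16")]
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16")]
EXPOSED = {("10.10.1.80", 80)}          # (host, port) reachable from outside

def in_any(addr, nets):
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)

def filter_packet(iface, src, dst, proto, dport, flags):
    """Decide for one packet. iface is 'ext' (arriving from the Internet) or
    'int' (arriving from the LAN). Returns (verdict, reason)."""
    if iface == "ext":
        if in_any(src, INTERNAL):
            return "drop", "external packet claims an internal source (spoofed)"
        if in_any(src, BOGONS):
            return "drop", "unroutable source"
        # A SYN without ACK is a connection attempt: only the exposed service
        # may be contacted from outside. Replies to connections opened from the
        # LAN carry ACK and pass (a stateless approximation of interception).
        if proto == "tcp" and flags == "SYN" and (dst, dport) not in EXPOSED:
            return "drop", "inbound connection attempt to a non-exposed host"
        return "accept", "external traffic"
    if iface == "int":
        if not in_any(src, INTERNAL):
            return "drop", "outbound packet with a foreign source (spoofed from inside)"
        return "accept", "internal traffic"
    return "drop", "unknown interface"

# Constructed sample packets: (iface, src, dst, proto, dport, flags).
SAMPLE = [
    ("ext", "10.10.1.5",    "10.10.1.80",   "tcp", 80,    "SYN"),      # spoofed insider
    ("ext", "198.51.100.5", "10.10.1.80",   "tcp", 80,    "SYN"),      # exposed service
    ("ext", "198.51.100.5", "10.10.1.5",    "tcp", 22,    "SYN"),      # not exposed
    ("ext", "198.51.100.5", "10.10.1.5",    "tcp", 51000, "SYN ACK"),  # reply to the LAN
    ("int", "10.10.1.5",    "198.51.100.5", "tcp", 443,   "SYN"),      # normal egress
    ("int", "203.0.113.9",  "198.51.100.5", "tcp", 443,   "SYN"),      # egress spoof
]

def run(packets=SAMPLE):
    """Return the verdict for each packet, in order."""
    return [filter_packet(*p)[0] for p in packets]
```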

