TCP/IP Attacks, Defenses and Security Tools

The TCP/IP protocol suite is the foundation of Internet and is ubiquitous in almost all networks worldwide. It was written as a robust protocol, which is able to communicate despite node failures. The design parameters of TCP did not weigh security as important and placed an implicit trust on nodes. The result was a protocol which was reliable and robust, but contained myriad inherent security flaws, open to be exploited by a malicious entity as was amply demonstrated by Morris worm [1] in the early days of what is Internet today. This problem was aggravated by various faulty implementations of the TCP/IP protocol. Many vulnerabilities and corresponding attacks have been identified targeting TCP/IP protocol suite including spoofing attacks, denial of service attacks, authentication attacks and routing attacks etc. Design flaws of TCP/IP can be mitigated by applying layers of security mechanism in a network. But this application itself is open to exploitation. Various tools have been designed to analyze and identify the presence of such vulnerabilities and avenues of exploitation in TCP/IP suite. We describe the spectrum of attacks against TCP/IP suite and discuss various defense mechanisms and tools like firewalls, intrusion detection systems, protocol analyzers, sniffers and vulnerability scanners etc. We conclude with an analysis of these tools. Keyword: Network security, TCP/IP security, security tools, hacking, computer security.