Security information for TCP/IP

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

TCP/IP internetworks are susceptible to a variety of possible attacks, from passive attacks (such as eavesdropping) to active attacks (such as denial-of-service attacks). For more information, see Security issues with IP and Security information for IPv6.

It is important to follow best practices for security when using IPv4 on your network. For more information, see Best practices for security.

The following are known security issues for IPv4:

  • The installation of an unauthorized router can cause the reconfiguration of clients and the rerouting of IPv4 traffic.

    To communicate with IPv4 nodes on other network segments, IPv4 hosts use a default router, also called a default gateway. The IP address of the default router is statically configured or assigned through Dynamic Host Configuration Protocol (DHCP).

    A malicious user with physical access to the IPv4 network can cause a denial-of-service attack on IPv4 hosts by installing an unauthorized router on the network segment. The unauthorized IPv4 router can reroute link traffic and disrupt other network services.

    Recommendation:

    • Ensure that unauthorized persons do not have physical or wireless access to your network.

  • A computer can seize the IPv4 address of a computer or device on the same subnet, causing other network devices to create an incorrect entry in their ARP cache.

    Nodes on an IPv4 subnet use Address Resolution Protocol (ARP) to resolve IP addresses used by TCP/IP-based software to media access control (MAC) addresses used by LAN hardware. The resolved link-layer address becomes an entry in the ARP cache on a node. If an IPv4 node spoofs the address of another node, it can cause other computers on the subnet to add a false entry to their ARP cache. All of the traffic that is intended for the computer with the spoofed IPv4 address instead goes to the computer of the attacker. In addition, the attacker can send traffic that will appear to have been generated by the spoofed computer.

    Recommendation:

    • Ensure that unauthorized persons do not have physical or wireless access to your network.
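
The following Python example is added here and is not part of the original documentation. It shows one way to check a host's ARP cache for the false entries described above by comparing two captures of Windows `arp -a` output. The function names are hypothetical and the sample output is constructed.

```python
import re
from collections import defaultdict

# Constructed sample `arp -a` output (Windows format); all addresses are illustrative.
BASELINE = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-01     dynamic
"""
CURRENT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-99     dynamic
  192.168.1.20          00-aa-bb-cc-dd-01     dynamic
  192.168.1.30          00-aa-bb-cc-dd-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)

def parse_arp(text):
    """Return {ip: mac} for unicast entries in Windows `arp -a` output."""
    cache = {}
    for line in text.splitlines():
        m = ENTRY.match(line)  # banner, header and blank lines do not match
        # Skip broadcast/multicast MACs (group bit set): many IPs share them.
        if m and not int(m.group(2)[:2], 16) & 1:
            cache[m.group(1)] = m.group(2).lower()
    return cache

def changed_mappings(baseline, current):
    """IPs whose MAC differs from the baseline: [(ip, old_mac, new_mac)]."""
    return sorted((ip, baseline[ip], mac) for ip, mac in current.items()
                  if ip in baseline and baseline[ip] != mac)

def shared_macs(cache):
    """MACs that answer for more than one IP: {mac: [ips]}."""
    by_mac = defaultdict(list)
    for ip, mac in cache.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    old, new = parse_arp(BASELINE), parse_arp(CURRENT)
    for ip, was, now in changed_mappings(old, new):
        print(f"CHANGED {ip}: {was} -> {now}")
    for mac, ips in shared_macs(new).items():
        print(f"SHARED  {mac}: {', '.join(ips)}")
```

A changed or shared mapping is a lead to investigate, not proof of spoofing: a replaced network adapter or a DHCP address reassignment produces the same pattern.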