
Today I read for the first time about a draft of TCP Stealth, which should serve as protection against GCHQ and NSA vulnerability scanning (Source: https://en.wikipedia.org/wiki/TCP_Stealth):

The proposal modifies the TCP three-way handshake by only accepting connections from clients that transmit a proof of knowledge of a shared secret. If the connection attempt does not use TCP Stealth, or if authentication fails, the server acts as if no service was listening on the port number. (Source: https://en.wikipedia.org/wiki/TCP_Stealth)

* What are the differences between TCP Stealth and Single Packet Authorization?

* What are the advantages of TCP Stealth compared to Single Packet Authorization?

Jon

2 Answers


The difference is that SPA has a separate authentication step taking place over a UDP port before the SSH port is opened. In TCP Stealth, authentication is performed inside the SYN packet that initiates a connection with the protected service.

An advantage of TCP Stealth is that it does not need to keep track of which ports are "opened". It only needs to keep track of state like a normal TCP stack does. Another advantage is that no application needs to be installed on client systems once this becomes widespread. It will simply be built into all computers. So upon connecting to a resource, you could tell your operating system to embed a password in the SYN packet.

A third advantage: since an out-of-band authentication step is not performed, a NAT router could easily add authentication data to specific SYN packets to perform network-to-network authentication (as if it were a VPN tunnel between the routers, but without the encryption). This would provide access to a specific service to all computers behind a specific NAT router. The same thing with SPA would either require 2 connection attempts or a long waiting period to connect.

RoraΖ
sebastian nielsen

In the presence of a global passive adversary, the shared secret in the sequence number is vulnerable to replay attacks. Moreover, this is true in the case of a man in the middle as well.

Fred Concklin
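An added illustration (my own code, not from the TCP Stealth draft, the Wikipedia article or either answer): a toy server-side check of a secret-derived token carried in the SYN's initial sequence number, covering the in-SYN authentication the first answer describes and the replay problem the second answer raises, together with one mitigation (time-windowed tokens plus a seen-token cache). The secret, addresses, window width and the HMAC derivation are assumptions; the draft's actual derivation is not reproduced.

```python
import hashlib
import hmac
import struct

# Constructed sample secret for the demo; a real deployment provisions it out of band.
SECRET = b"constructed-demo-secret"
WINDOW = 30  # seconds each token stays valid (assumed value, not from the draft)


def stealth_isn(secret: bytes, dst_ip: str, dst_port: int, window: int) -> int:
    """32-bit token placed in the SYN's initial sequence number.

    Simplified HMAC construction bound to destination and time window; it is an
    illustration of the idea, not the TCP Stealth draft's own derivation.
    """
    msg = f"{dst_ip}:{dst_port}:{window}".encode()
    return struct.unpack(">I", hmac.new(secret, msg, hashlib.sha256).digest()[:4])[0]


class StealthListener:
    """Server side: checks the ISN of each SYN before the handshake continues."""

    def __init__(self, secret: bytes, ip: str, port: int, replay_cache: bool = True):
        self.secret, self.ip, self.port = secret, ip, port
        # (window, isn) pairs already accepted; None disables replay detection
        self.seen = set() if replay_cache else None

    def accept_syn(self, isn: int, now: float) -> bool:
        w = int(now // WINDOW)
        for cand in (w, w - 1):  # tolerate clients one window behind our clock
            expected = stealth_isn(self.secret, self.ip, self.port, cand)
            if hmac.compare_digest(struct.pack(">I", isn), struct.pack(">I", expected)):
                if self.seen is not None:
                    if (cand, isn) in self.seen:
                        return False  # identical token seen before: a replayed SYN
                    self.seen.add((cand, isn))
                return True
        return False  # caller drops the SYN silently, as if nothing were listening


def demo(replay_cache: bool) -> dict:
    """Outcomes for a valid SYN, a bad token, a replay, and a replay after expiry."""
    srv = StealthListener(SECRET, "203.0.113.10", 22, replay_cache)
    t0 = 1_000_000.0  # constructed clock value
    token = stealth_isn(SECRET, "203.0.113.10", 22, int(t0 // WINDOW))
    return {
        "fresh": srv.accept_syn(token, t0),
        "wrong_token": srv.accept_syn(token ^ 0xDEADBEEF, t0),
        "replay_same_window": srv.accept_syn(token, t0 + 5),
        "replay_after_expiry": srv.accept_syn(token, t0 + 3 * WINDOW),
    }
```

With `replay_cache=False` the replayed SYN inside the window is accepted, which is the weakness the second answer points out; the time window alone only limits how long a captured token stays useful.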