Effects of mobility and multihoming on transport-protocol security

Abstract

The Stream Control Transmission Protocol (SCTP) is a reliable message-based transport protocol developed by the IETF that could replace TCP in some applications. SCTP allows endpoints to have multiple IP addresses for the purposes of fault tolerance. There is on-going work to extend the SCTP multihoming functions to support dynamic addressing and endpoint mobility. This paper explains how the multihoming and mobility features can be exploited for denial-of-service attacks, connection hijacking, and packet flooding. We propose implementation guidelines for SCTP and changes to the mobility extensions that prevent most of the attacks. The same lessons apply to multihomed TCP variants and other transport-layer protocols that incorporate some flavor of dynamic addressing.