Eisspeedway

TCP Stealth

In computer networking, TCP Stealth is a proposed modification of the Transmission Control Protocol (TCP) to hide open ports of some TCP services from the public, in order to impede port scans. It is somewhat similar to the port knocking technique.[1][2] As of May 2015 it is an IETF Internet Draft specification.[3]

The proposal modifies the TCP three-way handshake by only accepting connections from clients that transmit a proof of knowledge of a shared secret. If the connection attempt does not use TCP Stealth, or if authentication fails, the server acts as if no service was listening on the port number.[4]

The project and initial Internet Draft specification was announced on 15 August 2014,[3] following the revelations about the GCHQ project HACIENDA, which uses port scanning to find vulnerable systems for Five Eyes intelligence agencies.[1][5] The draft was written by researchers from the Technische Universität München, Jacob Appelbaum of the Tor Project and Holger Kenn from Microsoft.

References