TCP/IP Facts
Most Internet communication does run on TCP/IP, and TCP has several built-in properties that make it difficult for an off-path attacker, one who cannot observe the traffic, to interfere with an established session:
- TCP is a connection-oriented, end-to-end transport protocol. A connection is uniquely identified by the 4-tuple of both endpoints' IP addresses and port numbers, and these values cannot change for the lifetime of the connection. To interfere with an existing session an attacker must use exactly that source IP address and port, but the return traffic then goes to the real owner of the address, not to the attacker, so an off-path attacker is working blind. Note the limit of this fact: an attacker sitting on the path between the two endpoints sees both directions of the traffic and is not hindered by it at all. TCP by itself provides no confidentiality or authentication; that is what TLS is for.
- The three-way handshake prevents a blind attacker from setting up a session with a spoofed IP address. During connection establishment TCP confirms that both endpoints are reachable: the client sends a SYN, the server answers with a SYN-ACK addressed to the source IP in the SYN, and the client completes the handshake with an ACK. An attacker who spoofs someone else's address never receives that SYN-ACK. The handshake also establishes each side's initial sequence number (ISN). Modern stacks generate ISNs unpredictably (RFC 6528); the sequence number then advances by the number of bytes sent, and the acknowledgment number echoes what has been received from the peer. The third segment of the handshake must acknowledge the server's ISN + 1, so a blind spoofer has to guess a 32-bit value it has never seen, and the handshake fails when the guess is wrong. The same reasoning applies to injecting data into an established session: a segment is accepted only if it carries the right 4-tuple and a sequence number inside the receiver's window, so an attacker who cannot see the traffic must guess both. Historically, predictable ISNs made such blind attacks feasible, which is why randomization is now standard.
- TCP operates at the transport layer and hands data to an application identified by the destination port number. A server must explicitly start a service and open a listening port before it can accept an incoming connection; a SYN to a port nobody is listening on is answered with a RST and creates no state, so a system with no listening ports offers no entry point for an unsolicited inbound connection. The listening application defines which requests it is meant to handle, but that is a statement about its design, not a guarantee: flaws in how it parses or processes input (memory-safety bugs, injection, logic errors) are exactly how attackers get a service to do things it was never written to do, and closed ports say nothing about the connections a host initiates itself.
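To make the first three facts concrete, here is a toy Python model of a TCP listener that tracks connections by 4-tuple, randomizes its ISN, and checks sequence and acknowledgment numbers. It is an added example written for this page, not part of the original text and not a real TCP implementation; the addresses, ports and payloads are constructed, and the receive logic is deliberately simplified (in-order segments only, no retransmission or teardown) as the comments note. It shows a legitimate client completing the handshake, a blind spoofer who never sees the SYN-ACK failing to, a blind injection into an established session being ignored, and a SYN to a closed port getting a RST without creating any state.

```python
"""Toy model of the TCP facts above (constructed example, not a real stack).

Simplifications: no retransmission, no FIN, and the receiver accepts only the
in-order segment. Real stacks accept any segment inside the receive window,
which raises a blind injector's odds from 1/2^32 to about WINDOW/2^32 per
guess, but still requires the exact 4-tuple and an approximate sequence number.
"""
import secrets
from dataclasses import dataclass, field

SEQ_MOD = 2 ** 32  # sequence and acknowledgment numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int
    ack: int
    flags: str  # subset of "SAR": SYN, ACK, RST
    payload: bytes = b""


@dataclass
class Connection:
    state: str          # "SYN-RECEIVED" or "ESTABLISHED"
    snd_nxt: int        # next sequence number this side will send
    rcv_nxt: int        # next sequence number expected from the peer
    received: bytearray = field(default_factory=bytearray)


class TcpServer:
    def __init__(self, ip, listening_ports):
        self.ip = ip
        self.listening = set(listening_ports)
        self.conns = {}  # (peer_ip, peer_port, local_port) -> Connection

    def _reply(self, seg, seq, ack, flags):
        # Replies always go to the source address in the segment, spoofed or not.
        return Segment(self.ip, seg.dst_port, seg.src_ip, seg.src_port, seq, ack, flags)

    def receive(self, seg):
        """Process one inbound segment and return the server's reply, or None."""
        key = (seg.src_ip, seg.src_port, seg.dst_port)
        conn = self.conns.get(key)
        if conn is None:
            if seg.dst_port not in self.listening or seg.flags != "S":
                # Fact 3: nothing is listening, so no state is created; answer RST.
                return self._reply(seg, 0, (seg.seq + 1) % SEQ_MOD, "R")
            isn = secrets.randbelow(SEQ_MOD)  # unpredictable ISN, as RFC 6528 requires
            self.conns[key] = Connection("SYN-RECEIVED", (isn + 1) % SEQ_MOD, (seg.seq + 1) % SEQ_MOD)
            return self._reply(seg, isn, (seg.seq + 1) % SEQ_MOD, "SA")
        if conn.state == "SYN-RECEIVED":
            if seg.flags == "A" and seg.ack == conn.snd_nxt and seg.seq == conn.rcv_nxt:
                conn.state = "ESTABLISHED"  # third step: client acknowledged ISN + 1
                return None
            del self.conns[key]  # wrong ACK: handshake fails, half-open entry dropped
            return self._reply(seg, 0, 0, "R")
        # ESTABLISHED: data is accepted only with the right 4-tuple and expected seq.
        if "A" in seg.flags and seg.seq == conn.rcv_nxt and seg.payload:
            conn.received += seg.payload
            conn.rcv_nxt = (conn.rcv_nxt + len(seg.payload)) % SEQ_MOD
            return self._reply(seg, conn.snd_nxt, conn.rcv_nxt, "A")
        return None  # out-of-sequence or flag mismatch: silently ignored


def legitimate_client(server, ip, port, server_port, data):
    """Honest client: it receives the SYN-ACK, so it can acknowledge the server's ISN + 1."""
    isn = secrets.randbelow(SEQ_MOD)
    synack = server.receive(Segment(ip, port, server.ip, server_port, isn, 0, "S"))
    if synack is None or synack.flags != "SA":
        return False
    nxt, ack = (isn + 1) % SEQ_MOD, (synack.seq + 1) % SEQ_MOD
    server.receive(Segment(ip, port, server.ip, server_port, nxt, ack, "A"))
    server.receive(Segment(ip, port, server.ip, server_port, nxt, ack, "A", data))
    conn = server.conns.get((ip, port, server_port))
    return conn is not None and conn.state == "ESTABLISHED" and bytes(conn.received) == data


def blind_spoofer(server, victim_ip, port, server_port, attempts):
    """Off-path attacker spoofing victim_ip: the SYN-ACK goes to the victim, so the
    attacker never learns the server's ISN and must guess it. Returns sessions established."""
    established = 0
    for _ in range(attempts):
        server.receive(Segment(victim_ip, port, server.ip, server_port, 0, 0, "S"))  # reply unseen
        guess = secrets.randbelow(SEQ_MOD)  # 1 in 2^32 chance of matching the real ISN
        server.receive(Segment(victim_ip, port, server.ip, server_port, 1, (guess + 1) % SEQ_MOD, "A"))
        conn = server.conns.get((victim_ip, port, server_port))
        if conn is not None and conn.state == "ESTABLISHED":
            established += 1
    return established


def blind_inject(server, victim_ip, port, server_port, payload):
    """Inject into the victim's established session with a guessed sequence number.
    Returns True only if the payload was accepted (the guess hit rcv_nxt exactly)."""
    conn = server.conns[(victim_ip, port, server_port)]
    before = bytes(conn.received)
    guess = secrets.randbelow(SEQ_MOD)
    server.receive(Segment(victim_ip, port, server.ip, server_port, guess, conn.snd_nxt, "A", payload))
    return bytes(conn.received) != before


if __name__ == "__main__":
    srv = TcpServer("203.0.113.10", [443])  # constructed addresses from the RFC 5737 ranges
    print("legit client established:", legitimate_client(srv, "198.51.100.7", 40000, 443, b"GET / HTTP/1.1\r\n"))
    print("blind injection accepted:", blind_inject(srv, "198.51.100.7", 40000, 443, b"EVIL"))
    print("blind spoofed sessions in 1000 tries:", blind_spoofer(srv, "198.51.100.8", 40001, 443, 1000))
    print("SYN to closed port 22 answered with:", srv.receive(Segment("198.51.100.9", 40002, srv.ip, 22, 5, 0, "S")).flags)
```

The model deliberately gives the injector the correct acknowledgment number and only makes it guess the sequence number; even with that head start it fails, which is the point of the second fact. Replace the exact `seq == rcv_nxt` test with a window check to see how much a large receive window helps an attacker.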
Based on these facts, consider the following conclusions. Each one overreaches, for the reasons given:
- "Anyone can safely surf the Internet without worrying about being attacked by a hacker." Not supported. Browsing means the client opens outbound connections to servers it does not control, so the handshake and listening-port facts, which concern unsolicited inbound connections, say nothing about what a malicious or compromised server sends back. Hostile web content, browser and plugin vulnerabilities, malicious downloads and phishing pages all arrive over perfectly legitimate TCP sessions.
- "If a system has no open listening ports, a hacker on the Internet can never get in." Not supported. Closing every listening port removes one entry point: unsolicited inbound connections. It does nothing about content the system fetches itself (web pages, mail attachments, software updates, packages), about outbound sessions to attacker-controlled hosts, about stolen credentials, or about flaws in the IP and ICMP layers that process a packet before TCP ever looks up a port.
- "Since IPv6 is now widely available, we should all obtain static IP addresses and block all hackers with an IP-based whitelist, because attackers cannot spoof IP addresses; with static IPv6 addressing, spoofing becomes impractical due to end-to-end address validation." Not supported, and it misstates the facts. The handshake only stops a blind spoofer from completing a TCP connection; forging the source address of individual packets is trivial in both IPv4 and IPv6, and neither performs end-to-end source-address validation (ingress filtering per BCP 38 is an operator's choice at the network edge, and IPsec authentication is optional). Spoofed SYNs still consume server state (SYN flooding), spoofed UDP is the basis of reflection attacks, and an allow-list is only as trustworthy as the hosts on it: an attacker who compromises a permitted machine, or who sits on the path between it and the server, arrives from an allowed address. Static IPv6 addresses change none of this.
- "Phishing websites can be identified because they cannot use the same IP address as the legitimate website, so IP-based verification is an effective way to detect phishing." Not supported. Users reach sites by domain name, not by IP, so a phishing site needs only a look-alike or unrelated domain and never needs the victim's address. Legitimate sites also change and share addresses constantly (CDNs, load balancers, anycast, virtual hosting), so comparing IPs produces both false alarms and misses, and a DNS or BGP hijack can make even the legitimate name or address answer from an attacker's server. What binds a site to its identity is the TLS certificate issued for its domain name, not its IP address.