TCP/IP Facts

Most Internet communication runs on TCP/IP, and the protocol provides several built-in mechanisms that make attacks on an established session extremely difficult:
- TCP is a session-oriented, end-to-end transport protocol. A TCP session is uniquely identified by the combination of both parties' IP addresses and port numbers. These values cannot change during an active session. An attacker would have to use the exact same IP address and port pair to interfere with an existing session, which means the attacker would never receive the return traffic required to sustain the attack.
- The three-way handshake prevents session setup from a spoofed IP address. During session establishment, TCP performs a three-way handshake that verifies both endpoints are reachable. A spoofed IP address cannot receive the SYN-ACK response and therefore cannot complete the handshake. The handshake also establishes the initial Sequence and Acknowledgment numbers. These values are randomly assigned during the handshake and evolve dynamically based on traffic. For an attacker to inject packets successfully, they must guess both numbers precisely, which is extremely difficult in practice.
- TCP/IP operates at the transport layer and requires a listening application. TCP must know which application should receive the data, and applications are identified by port numbers. A server must explicitly start a service and open a listening port before it can accept incoming connections. If a system has no open listening ports, there is no entry point for an attacker to connect to. In addition, the application itself has specific, predefined tasks and cannot be manipulated to perform arbitrary actions chosen by an attacker.
Based on these facts:
- Anyone can safely surf the Internet without worrying about being attacked by a hacker.
- If a system has no open listening ports, a hacker on the Internet can never get in.
- Since IPv6 is now widely available, we should all obtain static IP addresses. By doing so, we can block all hackers using an IP-based whitelist, because attackers cannot spoof IP addresses. With static IPv6 addressing, access can be restricted to known, trusted IPs, and spoofing becomes impractical due to end-to-end address validation.
- Phishing websites can be identified because they cannot use the same IP address as the legitimate website. A fraudulent site must host its content on a different IP address, making IP-based verification an effective way to detect phishing attempts.
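The IP-based whitelist described in the static IPv6 item above can be sketched as a source-address check. This is an added example, not code from the original page; the prefixes are constructed from documentation ranges, and the names `TRUSTED`, `load_allowlist`, `normalize` and `is_allowed` are hypothetical. It goes slightly beyond the text by also handling IPv4-mapped, zone-scoped and malformed source addresses.

```python
import ipaddress

# Constructed allowlist using documentation prefixes (RFC 3849 / RFC 5737),
# standing in for the "known, trusted" static addresses the text refers to.
TRUSTED = ["2001:db8:10::/64", "2001:db8:20::5/128", "192.0.2.0/24"]


def load_allowlist(entries):
    """Parse CIDR strings once; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def normalize(source):
    """Return a canonical address object, or None if the input is unusable."""
    text = source.strip()
    if "%" in text:
        return None  # zone-scoped (link-local) address: never a static global one
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None  # malformed input: fail closed
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap them so
    # they are compared against the IPv4 entries instead of missing every rule.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_allowed(source, allowlist):
    """True only if the peer address falls inside an allowlisted network."""
    addr = normalize(source)
    if addr is None:
        return False
    return any(addr.version == net.version and addr in net for net in allowlist)


ALLOW = load_allowlist(TRUSTED)

if __name__ == "__main__":
    # Constructed peer addresses, as a server would see them on accepted sockets.
    for peer in ["2001:db8:10::42", "2001:db8:10:1::42", "::ffff:192.0.2.7",
                 "fe80::1%eth0", "not-an-ip"]:
        print(f"{peer:24} -> {'allow' if is_allowed(peer, ALLOW) else 'deny'}")
```

The check compares parsed address objects rather than strings, so different spellings of the same IPv6 address match the same entry.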