## Internet Standards (RFCs)
The internet is made up of billions of interconnected computers all working together. To facilitate this collaboration, a common language must be established. A new computer, fresh off the assembly line, needs to know the common language of the internet before it can start communicating with other computers. In reality, this language gets encoded into the computer by a programmer before it is ever connected to the internet. How does the programmer know what to encode? Enter the Request for Comments (RFC).
### A Bit of History
RFCs are documents that provide specifications for the internet. Each RFC is assigned a number, usually in sequence, starting with RFC 1, which was written by Steve Crocker in 1969. Today there are more than 9000 RFC documents managed primarily by the Internet Engineering Task Force (IETF). These specifications define the protocols that computers use to communicate.
### RFC 793 – Transmission Control Protocol (TCP)
TCP is a protocol that is used to establish and maintain communication sessions between two computers over a network. Whether you know it or not, in order to see this webpage your browser needed to use TCP. RFC 793 defines how computers talk to each other using TCP. The image at the top of this post is taken directly from the RFC and shows how bits, which are simply 1s and 0s, can be interpreted to mean different things based on their position within the TCP header. The RFC specifies other things too, like how to establish a connection using the ‘three-way-handshake’ in section 3.4. This handshake is what TCP is known for.
### Security Implication
In cyber security, understanding how something works is the first step in figuring out how to leverage its normal functionality to achieve something that it wasn’t intended for. RFCs provide the detailed information, the blueprints, needed to understand the inner workings of the protocols. This information can be used in crafting an attack. For example, with TCP in particular, there is an attack known as SYN flooding.
![[synflood.png]]
A SYN flooding attack is categorized as a Distributed Denial of Service (DDoS) attack. More on the specifics of DDoS in future posts. For the purposes of this post it is sufficient to understand that DDoS attacks aim to take targeted websites and other computers offline and make them inaccessible.

SYN flooding works by manipulating the three-way-handshake specified in RFC 793. The attacker sends SYN packets from spoofed Internet Protocol (IP) addresses to a target computer. The target computer, in keeping with the RFC, sends a SYN-ACK packet in response. The target computer keeps the connection open on its end and waits for an ACK packet back from the attacker computer to complete the connection. In the attack, the attacking computer never sends the final ACK packet. This forces the target computer to keep the connection open, taking up system resources, which are finite. If the attacker is able to open enough fake connections by sending a bunch of SYN packets, hence SYN flooding, the target computer will eventually run out of resources. New connections coming in from legitimate website visitors will then fail, which effectively takes the website offline and prevents normal users from accessing it.

Today there are measures in place to mitigate SYN flooding attacks, but SYN flooding is just one example of how an RFC can be used to gain an understanding that can be used in a cyber attack.
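The half-open connections described above are visible on the target itself, which is how a defender spots the problem. The following is an added example, not part of the original post: it counts connections stuck waiting for the final ACK in a connection listing laid out like the output of `ss -tan`. The sample listing is constructed, and the function names and thresholds are illustrative assumptions.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`; addresses come from
# documentation ranges and this is not captured traffic.
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:40001
SYN-RECV  0      0      192.0.2.10:80       203.0.113.77:40002
SYN-RECV  0      0      192.0.2.10:80       203.0.113.140:40003
SYN-RECV  0      0      192.0.2.10:80       203.0.113.201:40004
ESTAB     0      0      192.0.2.10:22       198.51.100.9:60122
SYN-RECV  0      0      192.0.2.10:22       198.51.100.9:60123
"""

HALF_OPEN = {"SYN-RECV", "SYN_RECV"}    # SYN-ACK sent, final ACK not yet seen
ESTABLISHED = {"ESTAB", "ESTABLISHED"}  # handshake completed

def summarize(text):
    """Return {local_port: Counter} with 'half_open' and 'established' counts."""
    stats = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip the header and malformed lines
        state, port = fields[0], fields[3].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        counts = stats.setdefault(int(port), Counter())
        if state in HALF_OPEN:
            counts["half_open"] += 1
        elif state in ESTABLISHED:
            counts["established"] += 1
    return stats

def suspicious_ports(text, min_half_open=3, ratio=2.0):
    """Ports where half-open connections are numerous and outnumber completed ones."""
    flagged = []
    for port, c in sorted(summarize(text).items()):
        if (c["half_open"] >= min_half_open
                and c["half_open"] >= ratio * max(c["established"], 1)):
            flagged.append(port)
    return flagged

if __name__ == "__main__":
    for port, c in sorted(summarize(SAMPLE).items()):
        print(port, dict(c))
    print("flagged ports:", suspicious_ports(SAMPLE))
```

A single half-open connection, like the one on port 22 in the sample, is normal for a handshake in progress; it is the pile-up on one port that matters.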
### RFCs Can Be Fun Too
Engineers of the early internet had a unique sense of humor. Some of that humor can be found in the RFC system. Littered throughout the pages and pages of technical specifications one can also find a humorous entry here and there. For example, RFC 1149 provides specifications on how to send internet communication, specifically IP Datagrams, using ‘Avian Carriers,’ i.e. homing pigeons. Another example is RFC 2324 that specifies how to brew coffee over a computer network.
### Resources
[RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers](https://datatracker.ietf.org/doc/html/rfc1149)
[RFC 2324: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)](https://datatracker.ietf.org/doc/html/rfc2324)