1. Field
The subject matter disclosed herein relates to network communications protocols.
2. Information
To form a connection to a server capable of providing a service and/or resource, a client may first consult a Name Binding Service (for example, the Internet Domain Name System (DNS)) to learn potential endpoint addresses of the desired server. The client then transmits one or more initial startup packets (for example, TCP SYN, MFP Initial Hello, etc.) to those potential endpoint addresses for the desired server. The one or more initial startup packets contain no information about the desired identity of the server. A server at the one or more endpoint addresses, whether the server is the desired one or not, will respond with its responder initial startup packet (for example, TCP SYN ACK, MFP Responder Hello, etc.). Some communications protocols, such as Transmission Control Protocol (TCP), carry no identifying information at the transport level beyond the socket address. Other protocols, such as Secure Media Flow Protocol (MFP), carry cryptographic credentials in the Responder Hello, which allow the client to determine whether a responder has the desired identity and, if so, to continue with session startup and communication. Because the initial startup packet does not say which server the client wants, a server at one of the endpoint addresses cannot tell whether it is the desired one, and so must respond to every initial startup packet in order for the desired communications to take place at all. An attacker can exploit this behavior: by enumerating and probing the relatively constrained socket address space, the attacker can discover the presence of servers and/or services, and, where the response carries credentials, their identities, for later exploitation.
To prevent unnecessary disclosure of the presence of servers at potential endpoint addresses and unnecessary consumption of network resources to convey irrelevant responses, potential servers should not respond if they are not the desired server.
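The following Python simulation is an added illustration, not part of the original disclosure and not the wire format of TCP or of any MFP implementation. It models the two responder behaviors discussed above: a prior-art responder that answers every initial startup packet, and a responder that stays silent unless the initiator's first packet names the identity it wants. The message shapes, the sample deployment (three servers in a small address range), and the identity scheme (a server's identity is the SHA-256 of its public credential) are all assumptions made for the example.

```python
"""Constructed simulation: presence disclosure by responders that answer
every initial startup packet, versus responders that answer only when the
initiator names their identity. Not RTMFP, not TCP; illustrative only."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

# A "socket address" is the (host, port) pair an attacker can enumerate.
Address = Tuple[str, int]


def identity_of(credential: bytes) -> bytes:
    """Assumed identity scheme: SHA-256 of the server's public credential."""
    return hashlib.sha256(credential).digest()


@dataclass
class InitialHello:
    """Initiator's first packet. `desired` is None when the protocol's startup
    packet carries no information about which server the client wants."""
    desired: Optional[bytes]


@dataclass
class ResponderHello:
    """Responder's first packet, carrying a credential the client can verify."""
    credential: bytes


@dataclass
class Server:
    credential: bytes
    respond_to_anyone: bool  # True models the prior-art behavior in the text

    def handle(self, hello: InitialHello) -> Optional[ResponderHello]:
        # Silent-unless-addressed policy: reply only if the hello names us.
        if not self.respond_to_anyone and hello.desired != identity_of(self.credential):
            return None
        return ResponderHello(self.credential)


def build_network(respond_to_anyone: bool) -> Dict[Address, Server]:
    """Constructed sample deployment: three servers on two hosts."""
    return {
        ("10.0.0.5", 443): Server(b"cred-web-" + b"A" * 8, respond_to_anyone),
        ("10.0.0.5", 1935): Server(b"cred-media-" + b"B" * 8, respond_to_anyone),
        ("10.0.0.9", 8443): Server(b"cred-api-" + b"C" * 8, respond_to_anyone),
    }


def scan(network: Dict[Address, Server], hosts: Iterable[str],
         ports: Iterable[int]) -> Set[Address]:
    """Attacker: probe every socket address with a hello that names no
    identity and record every address that answers at all."""
    found: Set[Address] = set()
    ports = list(ports)
    for host in hosts:
        for port in ports:
            server = network.get((host, port))
            if server is not None and server.handle(InitialHello(desired=None)) is not None:
                found.add((host, port))
    return found


def connect(network: Dict[Address, Server], addr: Address, expected: bytes) -> bool:
    """Legitimate client: it learned `addr` from a name-binding lookup and knows
    the identity it wants, names that identity in its first packet, and checks
    the responder's credential against it before continuing."""
    server = network.get(addr)
    if server is None:
        return False
    reply = server.handle(InitialHello(desired=expected))
    return reply is not None and identity_of(reply.credential) == expected


if __name__ == "__main__":
    hosts, ports = ["10.0.0.5", "10.0.0.9"], range(1, 65536)
    print("talkative responders found by scan:", sorted(scan(build_network(True), hosts, ports)))
    print("silent responders found by scan:   ", sorted(scan(build_network(False), hosts, ports)))
    wanted = identity_of(b"cred-media-" + b"B" * 8)
    print("client with correct identity connects:", connect(build_network(False), ("10.0.0.5", 1935), wanted))
```

Against the talkative deployment the scan recovers every server's address (and, through the Responder Hello credential, its identity) without knowing anything in advance; against the silent deployment the same scan recovers nothing, while a client that already knows the identity it wants still completes the handshake. One caveat a practitioner would weigh: if the identity is sent in the clear in the initiator's first packet, an on-path observer learns which server the client is looking for even though off-path scanners learn nothing.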