Resilience of Deployed TCP to Blind Off-Path Attacks
As part of TCP’s steady evolution, recent standards have recommended mechanisms to protect against weaknesses in TCP. But adoption, configuration, and deployment of TCP improvements can be slow. In this work, we consider the resilience of deployed TCP implementations to blind in-window attacks, where an off-path adversary disrupts an established connection by sending a packet that the victim believes came from its peer, causing data corruption or connection reset. We tested operating systems (and middleboxes deployed in front) of webservers in the wild in September 2015 and found 22% of connections vulnerable to in-window SYN and reset packets, 30% vulnerable to in-window data packets, and 38.4% vulnerable to at least one of three in-window attacks we tested. We also tested out-of-window packets and found that while few deployed systems were vulnerable to reset and SYN packets, 5.4% of connections accepted in-window data with an invalid acknowledgment number. In addition to evaluating commodity TCP stacks, we found vulnerabilities in 12 of 14 of the routers and switches we characterized – critical network infrastructure where the potential impact of any TCP vulnerabilities is particularly acute. This surprisingly high level of extant vulnerabilities in the most mature Internet transport protocol in use today is a perfect illustration of the Internet’s fragility. Embedded in historical context, it also provides a strong case for more systematic, scientific, and longitudinal measurement and quantitative analysis of fundamental properties of critical Internet infrastructure, as well as for the importance of better mechanisms to get best security practices deployed.
Proceedings of the Fifteenth ACM SIGCOMM Internet Measurement (IMC 2015) Conference, Tokyo, JP, October 2015 (Awarded Best Paper). The article of record may be found at: http://dx.doi.org/10.1145/2815675.2815700.