Application-based TCP hijacking

Proceedings of the 2nd European Workshop on System Security, EUROSEC'09

Volumn , Issue , 2009, Pages 9-15

  Zheng, Oliver ^a   Poon, Jason ^a   Beznosov, Konstantin ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Application protocols; Application based TCP hijacking; Packet injection; TCP hijacking; Windows Live Messenger

Indexed keywords

APPLICATION PROTOCOLS; APPLICATION PROVIDERS; CLIENT APPLICATIONS; ETHERNET SWITCHING; GENERIC NATURE; LARGE-SCALE APPLICATIONS; PACKET INJECTION; SPOOFING ATTACKS; TCP APPLICATIONS; TCP HIJACKING; TCP PACKETS; TCP STACKS;

WINDOWS;

TRANSMISSION CONTROL PROTOCOL;

EID: 70349124474     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1519144.1519146     Document Type: Conference Paper

References (19)

1. AOL's Third Annual Instant Messager Trends Survey. Available at aim.com/survey.
2. MSN Messenger Encryption and Security Software. Available at secway.fr/us/products/simplitemsn/home.php.
3. Pidgin, the Universal IM Client. Available at pidgin.im.
4. Unofficial MSN Protocol Documentation, June 2007. Available at msnpiki.msnfanatic.com/index.php.
5. Windows Live Messenger Ads Reach Millions of Consumers, 2008. Available at advertising.microsoft.com/windows-live-messenger.
6. I. Dubrawsky. Safe Layer 2 Security In-Depth. White paper, Cisco Systems, Inc., 2004.
7. T. Fout. Inside Windows Messenger - How It Communicates, October 2001. Available at technet.microsoft.com/en-us/library/bb457041.aspx.
8. M. Gregg. Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network. Syngress, October 2006.
9. B. Harris and R. Hunt. TCP/IP Security Threats and Attack Methods. Computer Communications, 22(10):885-897, June 1991.
10. L. Joncheray. A simple active attack against TCP. In SSYM'95: Proceedings of the 5th conference on USENIX UNIX Security Symposium, pages 2-2, Berkeley, CA, USA, 1995. USENIX Association.
11. K. Lam, D. LeBlanc, and B. Smith. Theft on the Web: Prevent Session Hijacking, 2005. Available at technet.microsoft.com/en-us/magazine/cc160809. aspx.
12. M. Mintz and A. Sayers. MSN Messenger Protocol, December 2003. Available at hypothetic.org/docs/msn/index.php.
13. P. Piccard, B. Baskin, and G. Spillman. Securing IM and P2P Applications for the Enterprise. Syngress, May 2005.
14. J. Postel. Transmission Control Protocol. RFC 793 (Standard), September 1981. Updated by RFCs 1122, 3168. Available at ietf.org/rfc/rfc793.txt.
15. R. Spangler. Packet Sniffing on Layer 2 Switched Local Area Networks, December 2003. Available at packetwatch.net/documents/papers/layer2sniffing.pdf.
16. M. Stamp. Information Security: Principles and Practice. Wiley-Interscience, October 2005.
17. S. J. Templeton and K. Levitt. Detecting Spoofed Packets. In DARPA Information Survivability Conference and Exposition, volume 1, pages 164-175, April 2003.
18. C. Torre. Windows Live Messenger - What. How. Why. Available at channel9.msdn.com/Showpost.aspx?postid=215459.
19. R. Y. Zaghal and J. I. Khan. EFSM/SDL modeling of the original TCP standard (RFC793) and the Congestion Control Mechanism of TCP Reno. Available at http://www.medianet.kent.edu/techreports/TR2005-07-22-tcp-EFSM.pdf.