Collaborative TCP sequence number inference attack - How to crack sequence number under a second

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 593-604

  Qian, Zhiyun ^a   Mao, Z Morley ^a   Xie, Yinglian ^b  

^a The Department of Civil and Environmental Engineering   (United States)

^b MICROSOFT RESEARCH   (United States)

Author keywords

Network packet counters; TCP hijacking; TCP sequence number

Indexed keywords

JAVASCRIPTS; MALWARES; NETWORK DESIGN; NETWORK PACKETS; SEQUENCE NUMBER; SIDE-CHANNEL; TCP HIJACKING;

SECURITY OF DATA;

EID: 84869397228     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382258     Document Type: Conference Paper

References (33)

1. Blind TCP/IP Hijacking is Still Alive. http://www.phrack.org/issues.php? issue=64&id=15.
2. CERT Advisory CA-1995-01 IP Spooffng Attacks and Hijacked Terminal Connections. http://www.cert.org/advisories/CA-1995-01.html.
3. Golomb Ruler. http://en.wikipedia.org/wiki/Golomb-ruler.
4. Linux Blind TCP Spooffng Vulnerability. http://www.securityfocus.com/bid/ 580/info.
5. Linux: TCP Random Initial Sequence Numbers. http://kerneltrap.org/node/ 4654.
6. MSN Messenger Protocol. http://www.hypothetic.org/docs/msn/.
7. RFC 1948 - Defending Against Sequence Number Attacks. http://tools.ietf.org/html/rfc1948.
8. RFC 5961 - Improving TCP's Robustness to Blind In-Window Attacks. http://tools.ietf.org/html/rfc5961.
9. RFC 793 - Transmission Control Protocol. http://tools.ietf.org/html/ rfc793.
10. Stateful Firewall and Masquerading on Linux. http://www.puschitz.com/ FirewallAndRouters.shtml.
11. sysctl Mac OS X Manual. https://developer.apple.com/library/mac/ #documentation/Darwin/Reference/Manpages/man3/sysctl.3.html#//apple-ref/doc/man/ 3/sysctl.
12. TCP Delayed Ack in Linux. http://wiki.hsc.com/wiki/Main/ InsideLinuxTCPDelayedAck.
13. S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In Proc. of IEEE Security and Privacy, 2010.
14. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach. Quire: Lightweight Provenance for Smart Phone Operating Systems. In Proc. of USENIX Security Symposium, 2011.
15. M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS, 2011.
16. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-ow Tracking System for Realtime Privacy Monitoring on Smartphones. In OSDI, 2010.
17. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A Study of Android Application Security. In Proc. of USENIX Security Symposium, 2011.
18. R. Ensafi, J. C. Park, D. Kapur, and J. R. Crandall. Idle Port Scanning and Non-interference Analysis of Network Protocol Stacks using Model Checking. In Proc. of USENIX Security Symposium, 2010.
19. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission Re-delegation: Attacks and Defenses. In Proc. of USENIX Security Symposium, 2011.
20. Y. Gilad and A. Herzberg. Off-Path Attacking the Web. In Proc. of USENIX Workshop on Offensive Technologies (WOOT), 2012.
21. S. Guha and P. Francis. Characterization and Measurement of TCP Traversal through NATs and Firewalls. In Proc. ACM SIGCOMM IMC, 2005.
22. S. Jana and V. Shmatikov. Memento: Learning secrets from process footprints. In Proc. of IEEE Security and Privacy, 2012.
23. L. Joncheray. A Simple Active Attack against TCP. In Proc. of USENIX Security Symposium, 1995.
24. G. LEECH, P. RAYSON, and A. WILSON. Procfs Analysis. http://www.nsa.gov/ research/-files/selinux/papers/slinux/node57.shtml.
25. R. Morris. A Weakness in the 4.2BSD Unix TCP/IP Software. Technical report, 1985.
26. Z. Qian and Z. M. Mao. Off-Path TCP Sequence Number Inference Attack - How Firewall Middleboxes Reduce Security. In Proc. of IEEE Security and Privacy, 2012.
27. Z. Qian, Z. M. Mao, Y. Xie, and F. Yu. Investigation of Triangular Spamming: A Stealthy and Efficient Spamming Technique. In Proc. of IEEE Security and Privacy, 2010.
28. R. Schlegel, K. Zhang, X. yong Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In NDSS, 2011.
29. D. X. Song, D. Wagner, and X. Tian. Timing Analysis of Keystrokes and Timing Attacks on SSH. In Proc. of USENIX Security Symposium, 2001.
30. M. Vuagnoux and S. Pasini. Compromising electromagnetic emanations of wired and wireless keyboards. In Proc. of USENIX Security Symposium, 2009.
31. Z. Wang, Z. Qian, Q. Xu, Z. M. Mao, and M. Zhang. An Untold Stody of Middleboxes in Cellular Networks. In SIGCOMM, 2011.
32. P. A. Watson. Slipping in the Window: TCP Reset Attacks. In CanSecWest, 2004.
33. K. Zhang and X. Wang. Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems. In Proc. of USENIX Security Symposium, 2009.