Off-path TCP sequence number inference attack: How firewall middleboxes reduce security

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2012, Pages 347-361

  Qian, Zhiyun ^a   Mao, Z Morley ^a  

^a UNIVERSITY OF MICHIGAN   (United States)

Author keywords

Firewall middleboxes; TCP connection hijack; TCP sequence number inference

Indexed keywords

COMPUTER SYSTEM FIREWALLS; HTTP; TRANSMISSION CONTROL PROTOCOL;

FIREWALL MIDDLEBOX; INFERENCE ATTACKS; MALWARES; MAN IN THE MIDDLE; MIDDLEBOXES; PHISHING; SEQUENCE NUMBER; TCP CONNECTION HIJACK; TCP CONNECTIONS; TCP SEQUENCE NUMBER INFERENCE;

MALWARE;

EID: 84878347923     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2012.29     Document Type: Conference Paper

References (35)

1. CERT Advisory CA-1995-01 IP Spoofing Attacks and Hijacked Terminal Connections. http://www.cert.org/advisories/CA-1995-01.html, Retrieved on 03/04/2012.
2. CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers. http://www.cert.org/advisories/CA-2001-09.html, Retrieved on 03/04/2012.
3. Check Point - What's New for FireWall-1/TCP Sequence Checking. http://www.checkpoint.com/ngupgrade/whatsnew/products/features/tcpseqcheck.html, Retrieved on 03/04/2012.
4. Cisco Security Advisory: Cisco Secure PIX Firewall TCP Reset Vulnerability. http://www.cisco.com/en/US/products/products security advisory09186a00800b1397.shtml, Retrieved on 03/04/2012.
5. Comet (programming). http://en.wikipedia.org/wiki/Comet-(programming), Retrieved on 03/04/2012.
6. Linux Blind TCP Spoofing Vulnerability. http://www.securityfocus.com/bid/ 580/info, Retrieved on 03/04/2012.
7. Linux: TCP Random Initial Sequence Numbers. http://kerneltrap.org/node/ 4654, Retrieved on 03/04/2012.
8. Stateful Firewall and Masquerading on Linux. http://www.puschitz.com/ FirewallAndRouters.shtml, Retrieved on 03/04/2012.
9. TCP hijacking video demo. http://youtu.be/T65lQtgUJ2Y, Retrieved on 03/04/2012.
10. Access Point Name. http://en.wikipedia.org/wiki/Access Point Name, Retrived on 03/04/2012.
11. MSN Messenger Protocol. http://www.hypothetic.org/docs/msn/, Retrived on 03/04/2012.
12. S. M. Bellovin. A Look Back at "Security Problems in the TCP/IP Protocol Suite". In ACSAC, 2004.
13. R. Beverly, A. Berger, Y. Hyun, and k claffy. Understanding the Efficacy of Deployed Internet Source Address Validation Filtering. In Proc. ACM SIGCOMM IMC, 2009.
14. S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel leaks in web applications: a reality today, a challenge tomorrow. In Proc. of IEEE Security and Privacy, 2010.
15. Cisco. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2. http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns tcpnorm.html, Retrieved on 03/04/2012.
16. R. Ensafi, J. C. Park, D. Kapur, and J. R. Crandall. Idle Port Scanning and Non-interference Analysis of Network Protocol Stacks using Model Checking. In Proc. of USENIX Security Symposium, 2010.
17. L. Falk, A. Prakash, and K. Borders. Analyzing websites for user-visible security design flaws. In Proc. of Usable privacy and security, 2008.
18. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: attacks and defenses. In Proc. of USENIX Security Symposium, 2011.
19. F. Gont and S. Bellovin. Defending Against Sequence Number Attacks. RFC 6528, 2012.
20. V. Jacobson, R. Braden, and D. Borman. TCP Extensions for High Performance. RFC 1323, 1992.
21. Juniper. Stateful Inspection Firewalls. http://www.abchost.sk/download/ 204-4/juniper-stateful-inspection-firewall.pdf, Retrieved on 03/04/2012.
22. S. Kamara, S. Fahmy, E. Schultz, F. Kerschbaum, and M. Frantzen. Analysis of Vulnerabilities in Internet Firewalls. In "Computers & Security", 2003.
23. G. LEECH, P. RAYSON, and A. WILSON. Procfs Analysis. http://www.nsa.gov/ research/ files/selinux/papers/slinux/node57.shtml, Retrieved on 03/04/2012.
24. lkm. Blind TCP/IP hijacking is still alive. In Phrack Magazine, issue 64, 2007.
25. J. Postel. TRANSMISSION CONTROL PROTOCOL. RFC 793, 1981.
26. Z. Qian, Z. M. Mao, Y. Xie, and F. Yu. Investigation of Triangular Spamming: A Stealthy and Efficient Spamming Technique. In Proc. of IEEE Security and Privacy, 2010.
27. A. Ramaiah, R. Stewart, and M. Dalal. Improving TCP's Robustness to Blind In-Window Attacks. RFC 5961, 2010.
28. E. S. Guha, K. Biswas, B. Ford, S. Sivakumar, and P. Srisuresh. NAT Behavioral Requirements for TCP. RFC 5382, 2008.
29. R. Schlegel, K. Zhang, X. yong Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In NDSS, 2011.
30. D. X. Song, D. Wagner, and X. Tian. Timing Analysis of Keystrokes and Timing Attacks on SSH. In Proc. of USENIX Security Symposium, 2001.
31. J. Touch. Defending TCP Against Spoofing Attacks. RFC 4953, 2007.
32. Z. Wang, Z. Qian, Q. Xu, Z. M. Mao, and M. Zhang. An Untold Stody of Middleboxes in Cellular Networks. In SIGCOMM, 2011.
33. P. A. Watson. Slipping in the Window: TCP Reset Attacks. In CanSecWest, 2004.
34. Q. Xu, J. Huang, Z. Wang, F. Qian, A. Gerber, and Z. M. Mao. Cellular Data Network Infrastructure Characterization and Implication on Mobile Content Placement. In Proc. ACM SIGMETRICS, 2011.
35. K. Zhang and X. Wang. Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems. In Proc. of USENIX Security Symposium, 2009.