Fragmentation considered harmful
SIGCOMM '87 Proceedings of the ACM workshop on Frontiers in computer communications technology
Beyond folklore: observations on fragmented traffic
IEEE/ACM Transactions on Networking (TON)
DoS protection for UDP-based protocols
Proceedings of the 10th ACM conference on Computer and communications security
Understanding Linux Network Internals
Understanding Linux Network Internals
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
LOT: A Defense Against IP Spoofing and Flooding Attacks
ACM Transactions on Information and System Security (TISSEC)
Spying in the dark: TCP and tor traffic analysis
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
6LoWPAN fragmentation attacks and mitigation mechanisms
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Hi-index | 0.00 |
We show that fragmented IPv4 and IPv6 traffic is vulnerable to DoS, interception and modification attacks by a blind (spoofing-only) attacker. We demonstrated a weak attacker causing over 94% loss rate and intercepting more than 80% of data between peers. All attacks are practical, and validated experimentally on popular industrial and open-source products, with realistic network setups (involving NAT or tunneling). The interception attack requires a zombie behind the same NAT or tunnel-gateway as the victim destination; the other attacks only require a puppet (adversarial applet/script in sandbox). The complexity of our attacks depends on the predictability of the IP Identifier (ID) field and are simpler for implementations, e.g. Windows, which use globally-incrementing IP IDs. Most of our effort went into extending the attacks for implementations, e.g. Linux, which use per-destination-incrementing IP IDs.