Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaws - by the Man Who Did It
A Look Back at "Security Problems in the TCP/IP Protocol Suite"
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Resisting SYN flood DoS attacks with a SYN cache
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
On the state of IP spoofing defense
ACM Transactions on Internet Technology (TOIT)
Understanding the efficacy of deployed internet source address validation filtering
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Reining in the web with content security policy
Proceedings of the 19th international conference on World wide web
The Tangled Web: A Guide to Securing Modern Web Applications
The Tangled Web: A Guide to Securing Modern Web Applications
Off-path TCP Sequence Number Inference Attack - How Firewall Middleboxes Reduce Security
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Collaborative TCP sequence number inference attack: how to crack sequence number under a second
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
We present a practical off-path TCP-injection attack for connections between current, non-buggy browsers and web-servers. The attack allows web-cache poisoning with malicious objects; these objects can be cached for long time period, exposing any user of that cache to XSS, CSRF and phishing attacks. In contrast to previous TCP-injection attacks, we assume neither vulnerabilities such as client-malware nor predictable choice of client port or IP-ID. We only exploit subtle details of HTTP and TCP specifications, and features of legitimate (and common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with popular websites are vulnerable. Our attack is modular, and its modules may improve other off-path attacks on TCP communication. We present practical patches against the attack; however, the best defense is surely adoption of TLS, that ensures security even against the stronger Man-in-the-Middle attacker.