Off-path (i.e. non-man-in-the-middle) network attacks; do firewalls/routers lower security? (papers)

Discussion in 'other firewalls' started by MrBrian, Dec 5, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Off-Path Hacking: The Illusion of Challenge-Response Authentication (2013):
    ----------

    From Off-path TCP Sequence Number Inference Attack - How Firewall Middleboxes Reduce Security (2012):
    Demo video is available at http://web.eecs.umich.edu/~zhiyunq/tcp_sequence_number_inference/.

    ----------

    From Off-Path TCP Injection Attacks (2014):
    Download: http://u.cs.biu.ac.il/~herzbea/security/14-01-tcp.pdf .

    ----------

    Some other papers in the references of the above papers are available at Google Scholar.
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Reflection Scan: an Off-Path Attack on TCP (2012):
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Wow, the last one is nasty. I'll have to read the paper (or at least try to) but it sounds like a design flaw in TCP.

    I'm surprised we haven't heard more about stuff like this. I mean, the papers are a couple years old now...
     
Loading...