Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : papers : 2015 : resilience_deployed_tcp_blind
Resilience of Deployed TCP to Blind Attacks
M. Luckie, R. Beverly, T. Wu, M. Allman, and k. claffy, "Resilience of Deployed TCP to Blind Attacks", in Internet Measurement Conference (IMC), Oct 2015.
|   View full paper:    PDF    |  Citation:    BibTeX   |

Resilience of Deployed TCP to Blind Attacks

Matthew Luckie4
Robert Beverly2
Tiange Wu1
Mark Allman3
kc claffy1
1

CAIDA, San Diego Supercomputer Center, University of California San Diego

2

Naval Postgraduate School

3

The ICSI Center for Internet Research - ICIR

4

University of Waikato

As part of TCP’s steady evolution, recent standards have recommended mechanisms to protect against weaknesses in TCP. But adoption, configuration, and deployment of TCP improvements can be slow. In this work, we consider the resilience of deployed TCP implementations to blind in-window attacks, where an off-path adversary disrupts an established connection by sending a packet that the victim believes came from its peer, causing data corruption or connection reset. We tested operating systems (and middleboxes deployed in front) of webservers in the wild in September 2015 and found 22% of connections vulnerable to in-window SYN and reset packets, 30% vulnerable to in-window data packets, and 38.4% vulnerable to at least one of three in-window attacks we tested. We also tested out-of-window packets and found that while few deployed systems were vulnerable to reset and SYN packets, 5.4% of connections accepted in-window data with an invalid acknowledgment number. In addition to evaluating commodity TCP stacks, we found vulnerabilities in 12 of 14 of the routers and switches we characterized – critical network infrastructure where the potential impact of any TCP vulnerabilities is particularly acute. This surprisingly high level of extant vulnerabilities in the most mature Internet transport protocol in use today is a perfect illustration of the Internet’s fragility. Embedded in historical context, it also provides a strong case for more systematic, scientific, and longitudinal measurement and quantitative analysis of fundamental properties of critical Internet infrastructure, as well as for the importance of better mechanisms to get best security practices deployed.

Keywords: measurement methodology, security
  Last Modified: Wed Oct-11-2017 17:04:06 PDT
  Page URL: http://www.caida.org/publications/papers/2015/resilience_deployed_tcp_blind/index.xml