Date Added: May 2011
The authors present the first practical example of an entirely new class of network attacks - attacks that target the network infrastructure. Modern routers in computer networks use general-purpose programmable packet processors. The software used for packet processing on these systems is potentially vulnerable to remote exploits. In this paper, they demonstrate a specific attack that can launch a devastating denial-of-service attack by sending just a single packet. They show that vulnerable packet processing code can be exploited on a Click modular router as well as on a custom packet processor on the NetFPGA platform. They also show that defense techniques based on processor monitoring that they have proposed in prior work can help in detecting and avoiding such attacks.