Security

Off-Path TCP Sequence Number Inference Attack How Firewall Middleboxes Reduce Security

Download Now Free registration required

Executive Summary

In this paper, the authors report a newly discovered "Off-path TCP sequence number inference" attack enabled by firewall middle-boxes. It allows an off-path (i.e., not man-in-the-middle) attacker to hijack a TCP connection and inject malicious content, effectively granting the attacker write-only permission on the connection. For instance, with the help of unprivileged malware, they demonstrate that a successful attack can hijack an HTTP session and return a phishing Facebook login page issued by a browser. With the same mechanisms, it is also possible to inject malicious Javascript to post tweets or follow other people on behalf of the victim.

  • Format: PDF
  • Size: 991.47 KB