We show that fragmented IPv4 and IPv6 traffic is vulnerable to DoS, interception and modification attacks by a blind (spoofing-only) attacker. We demonstrated a weak attacker causing over 94% loss rate and intercepting more than 80% of data between peers. All attacks are practical, and validated experimentally on popular industrial and open-source products, with realistic network setups (involving NAT or tunneling). The interception attack requires a zombie behind the same NAT or tunnel-gateway as the victim destination; the other attacks only require a puppet (adversarial applet/script in sandbox). The complexity of our attacks depends on the predictability of the IP Identifier (ID) field; the attacks are simpler for implementations, e.g. Windows, which use globally-incrementing IP IDs. Most of our effort went into extending the attacks for implementations, e.g. Linux, which use per-destination-incrementing IP IDs.
|State|Published - 2011|
|Event|5th USENIX Workshop on Offensive Technologies, WOOT 2011 - San Francisco, United States|
|Duration|8 Aug 2011 → …|
|Conference|5th USENIX Workshop on Offensive Technologies, WOOT 2011|
|Period|8/08/11 → …|
Bibliographical note
Publisher Copyright: © 2011 USENIX Association. All rights reserved.