Entry Gilad:2013:FCV from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!


BibTeX entry

@Article{Gilad:2013:FCV,
  author =       "Yossi Gilad and Amir Herzberg",
  title =        "Fragmentation Considered Vulnerable",
  journal =      j-TISSEC,
  volume =       "15",
  number =       "4",
  pages =        "16:1--16:??",
  month =        apr,
  year =         "2013",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2445566.2445568",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Thu Apr 4 18:18:20 MDT 2013",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "We show that fragmented IPv4 and IPv6 traffic is
                 vulnerable to effective interception and
                 denial-of-service (DoS) attacks by an off-path
                 attacker. Specifically, we demonstrate a weak attacker
                 intercepting more than 80\% of the data between peers
                 and causing over 94\% loss rate. We show that our
                 attacks are practical through experimental validation
                 on popular industrial and open-source products, with
                 realistic network setups that involve NAT or tunneling
                 and include concurrent legitimate traffic as well as
                 packet losses. The interception attack requires a
                 zombie agent behind the same NAT or tunnel-gateway as
                 the victim destination; the DoS attack only requires a
                 puppet agent, that is, a sandboxed applet or script
                 running in web-browser context. The complexity of our
                 attacks depends on the predictability of the IP
                 Identification (ID) field which is typically
                 implemented as one or multiple counters, as allowed and
                 recommended by the IP specifications. The attacks are
                 much simpler and more efficient for implementations,
                 such as Windows, which use one ID counter for all
                 destinations. Therefore, much of our focus is on
                 presenting effective attacks for implementations, such
                 as Linux, which use per-destination ID counters. We
                 present practical defenses for the attacks presented in
                 this article, the defenses can be deployed on network
                 firewalls without changes to hosts or operating system
                 kernel.",
  acknowledgement = ack-nhfb,
  articleno =    "16",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries