This one is tough. An off-path TCP exploit in Linux kernels from 3.6 onward

Abstract:

The vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Further, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. We illustrate how the attack can be leveraged to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. Through extensive experiments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%. Finally, we propose changes to both the TCP specification and implementation to eliminate the root cause of the problem.

sec16_TCP_pure_offpath (PDF)

Here is a workaround, while waiting for the patch


1 thought on “This one is tough. An off-path TCP exploit in Linux kernels from 3.6 onward”

  1. Gabriele Turchi

    As far as I can tell, at least in the major distributions the patch is already present in the latest updates. As usual, public disclosure of the problem happened once the patch was available and distributed.
