1 research outputs found
Reflection Scan: an Off-Path Attack on TCP
The paper demonstrates how traffic load of a shared packet queue can be
exploited as a side channel through which protected information leaks to an
off-path attacker. The attacker sends to a victim a sequence of identical
spoofed segments. The victim responds to each segment in the sequence (the
sequence is reflected by the victim) if the segments satisfy a certain
condition tested by the attacker. The responses do not reach the attacker
directly, but induce extra load on a routing queue shared between the victim
and the attacker. Increased processing time of packets traversing the queue
reveal that the tested condition was true. The paper concentrates on the TCP,
but the approach is generic and can be effective against other protocols that
allow to construct requests which are conditionally answered by the victim. A
proof of concept was created to assess applicability of the method in real-life
scenarios