Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Investigation of the 2016 Linux TCP Stack Vulnerability at Scale

Investigation of the 2016 Linux TCP Stack Vulnerability at Scale Investigation of the 2016 Linux TCP Stack Vulnerability at Scale ALAN QUACH , University of California, Riverside ZHONGJIE WANG , University of California, Riverside ZHIYUN QIAN, University of California, Riverside To combat blind in-window attacks against TCP, changes proposed in RFC 5961 have been implemented by Linux since late 2012. While successfully eliminating the old vulnerabilities, the new TCP implementation was reported in August 2016 to have introduced a subtle yet serious security flaw. Assigned CVE-2016-5696, the flaw exploits the challenge ACK rate limiting feature that could allow an off-path attacker to infer the presence/absence of a TCP connection between two arbitrary hosts, terminate such a connection, and even inject payload into an unsecured TCP connection. In this work, we perform a comprehensive measurement of the impact of the new vulnerability. This includes (1) tracking the vulnerable Internet servers, (2) monitoring the patch behavior over time, (3) picturing the overall security status of TCP stacks at scale. Towards this goal, we design a scalable measurement methodology to scan the Alexa top 1 million websites for almost 6 months. We also present how notifications impact the patching behavior, and compare the result with the Heartbleed and the Debian PRNG http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings of the ACM on Measurement and Analysis of Computing Systems Association for Computing Machinery

Investigation of the 2016 Linux TCP Stack Vulnerability at Scale

Download PDF
19 pages

Loading next page...
 
/lp/association-for-computing-machinery/investigation-of-the-2016-linux-tcp-stack-vulnerability-at-scale-mw41mn0mI7
Publisher
Association for Computing Machinery
Copyright
Copyright © 2017 by ACM Inc.
ISSN
2476-1249
DOI
10.1145/3084441
Publisher site
See Article on Publisher Site

Abstract

Investigation of the 2016 Linux TCP Stack Vulnerability at Scale ALAN QUACH , University of California, Riverside ZHONGJIE WANG , University of California, Riverside ZHIYUN QIAN, University of California, Riverside To combat blind in-window attacks against TCP, changes proposed in RFC 5961 have been implemented by Linux since late 2012. While successfully eliminating the old vulnerabilities, the new TCP implementation was reported in August 2016 to have introduced a subtle yet serious security flaw. Assigned CVE-2016-5696, the flaw exploits the challenge ACK rate limiting feature that could allow an off-path attacker to infer the presence/absence of a TCP connection between two arbitrary hosts, terminate such a connection, and even inject payload into an unsecured TCP connection. In this work, we perform a comprehensive measurement of the impact of the new vulnerability. This includes (1) tracking the vulnerable Internet servers, (2) monitoring the patch behavior over time, (3) picturing the overall security status of TCP stacks at scale. Towards this goal, we design a scalable measurement methodology to scan the Alexa top 1 million websites for almost 6 months. We also present how notifications impact the patching behavior, and compare the result with the Heartbleed and the Debian PRNG

Journal

Proceedings of the ACM on Measurement and Analysis of Computing SystemsAssociation for Computing Machinery

Published: Jun 13, 2017

There are no references for this article.