Investigation of the 2016 Linux TCP Stack Vulnerability at Scale-Reference-Cited by-同舟云学术

Investigation of the 2016 Linux TCP Stack Vulnerability at Scale

Published:2017-09-18 Issue:1 Volume:45 Page:8-8
ISSN:0163-5999
Container-title:ACM SIGMETRICS Performance Evaluation Review
language:en
Short-container-title:SIGMETRICS Perform. Eval. Rev.

Author:

Quach Alan¹,Wang Zhongjie¹,Qian Zhiyun¹

Affiliation:

1. University of California, Riverside, Riverside, CA, USA

Abstract

To combat blind in-window attacks against TCP, changes proposed in RFC 5961 have been implemented by Linux since late 2012. While successfully eliminating the old vulnerabilities, the new TCP implementation was reported in August 2016 to have introduced a subtle yet serious security flaw. Assigned CVE-2016-5696, the flaw exploits the challenge ACK rate limiting feature that could allow an off-path attacker to infer the presence/absence of a TCP connection between two arbitrary hosts, terminate such a connection, and even inject malicious payload. In this work, we perform a comprehensive measurement of the impact of the new vulnerability. This includes (1) tracking the vulnerable Internet servers, (2) monitoring the patch behavior over time, (3) picturing the overall security status of TCP stacks at scale. Towards this goal, we design a scalable measurement methodology to scan the Alexa top 1 million websites for almost 6 months. We also present how notifications impact the patching behavior, and compare the result with the Heartbleed and the Debian PRNG vulnerability. The measurement represents a valuable data point in understanding how Internet servers react to serious security flaws in the operating system kernel.

Funder

National Science Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Hardware and Architecture,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3143314.3078510

Reference38 articles.

1. TCP protocol - Linux man page. http://man7.org/linux/man-pages/man7/tcp.7.html. TCP protocol - Linux man page. http://man7.org/linux/man-pages/man7/tcp.7.html.

2. Amazon AWS IP Address Ranges. http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html. Amazon AWS IP Address Ranges. http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html.

3. AWS Managed Services. https://aws.amazon.com/cn/managed-services/. AWS Managed Services. https://aws.amazon.com/cn/managed-services/.

4. Blind TCP/IP Hijacking is Still Alive. http://phrack.org/issues/64/13.html. Blind TCP/IP Hijacking is Still Alive. http://phrack.org/issues/64/13.html.

5. Censys Scan Data Repository. https://censys.io/data. Censys Scan Data Repository. https://censys.io/data.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Teaching Intelligence System Based on the Cloud Platform of the Internet of Things and Its Application in Physical Education;Wireless Communications and Mobile Computing;2022-01-20