Re: [PATCH v2 net] tcp: make challenge acks less predictable

2016-07-13 Thread Yue Cao
I see your point and I agree with you that SSL protects victims from this hijacking attack, especially with full HSTS. For the Windows case, since Windows is a black box for us, we tested its Challenge ACK mechanism with Windows Server 2012 R2 Base and Windows Server 2008 R2 from Amazon EC2. The

Re: [PATCH v2 net] tcp: make challenge acks less predictable

2016-07-11 Thread David Miller
From: Eric Dumazet Date: Sun, 10 Jul 2016 10:04:02 +0200 > From: Eric Dumazet > > Yue Cao claims that current host rate limiting of challenge ACKS > (RFC 5961) could leak enough information to allow a patient attacker > to hijack TCP sessions. He

Re: [PATCH v2 net] tcp: make challenge acks less predictable

2016-07-11 Thread Yuchung Cheng
On Sun, Jul 10, 2016 at 1:04 AM, Eric Dumazet wrote: > From: Eric Dumazet > > Yue Cao claims that current host rate limiting of challenge ACKS > (RFC 5961) could leak enough information to allow a patient attacker > to hijack TCP sessions. He will

Re: [PATCH v2 net] tcp: make challenge acks less predictable

2016-07-11 Thread Eric Dumazet
On Sun, 2016-07-10 at 11:28 -0700, Yue Cao wrote: > This second patch does make our attack much harder but it's still > possible to do such an off-path attack with enough network bandwidth. > Here is our modified attack for this second patch. > > Modified Attack: > The main idea of our attack is to send

Re: [PATCH v2 net] tcp: make challenge acks less predictable

2016-07-10 Thread Yue Cao
This second patch does make our attack much harder but it's still possible to do such an off-path attack with enough network bandwidth. Here is our modified attack for this second patch. Modified Attack: The main idea of our attack is to send multiple same spoofed packets in 1 second so the attacker can

Re: [PATCH v2 net] tcp: make challenge acks less predictable

2016-07-10 Thread Neal Cardwell
On Sun, Jul 10, 2016 at 4:04 AM, Eric Dumazet wrote: > > From: Eric Dumazet > > Yue Cao claims that current host rate limiting of challenge ACKS > (RFC 5961) could leak enough information to allow a patient attacker > to hijack TCP sessions. He will

[PATCH v2 net] tcp: make challenge acks less predictable

2016-07-10 Thread Eric Dumazet
From: Eric Dumazet Yue Cao claims that current host rate limiting of challenge ACKS (RFC 5961) could leak enough information to allow a patient attacker to hijack TCP sessions. He will soon provide details in an academic paper. This patch increases the default limit from