000000180 001__ 180
000000180 005__ 20130522141942.0
000000180 037__ $$aLERSSE-RefConfPaper-2009-033
000000180 041__ $$aeng
000000180 100__ $$aOliver Zheng
000000180 100__ $$aJason Poon
000000180 100__ $$aKonstantin Beznosov
000000180 245__ $$aApplication-Based TCP Hijacking
000000180 260__ $$c2009-04-01
000000180 520__ $$aWe present application-based TCP hijacking (ABTH), a new attack on TCP applications that exploits flaws due to the interplay between TCP and application protocols to inject data into an application session without either server or client applications noticing the spoofing attack. Following the injection of a TCP packet, ABTH resynchronizes the TCP stacks of both the server and the client. To evaluate the feasibility and effectiveness of ABTH, we developed a tool that allows impersonating users of Windows Live Messenger in the matter of few seconds. Due to its generic nature, ABTH can be mounted on a variety of modern protocols for TCP-based applications. Countermeasures to thwart and/or limit the effectiveness of ABTH could include strict Ethernet switching and cryptographic protection of messages. However, the former cannot be guaranteed by the application provider and the latter appears to be still prohibitively expensive for such large-scale applications with hundreds of millions of sporadic users as Windows Live Messenger.
000000180 6531_ $$aTCP hijacking
000000180 6531_ $$aapplication-based TCP hijacking
000000180 6531_ $$aWindows Live Messenger
000000180 6531_ $$aapplication protocols
000000180 6531_ $$apacket injection       
000000180 6531_ $$aABTH
000000180 8560_ $$fqiangw@ece.ubc.ca
000000180 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/180/files/180.pdf$$yTransfer from CDS 0.99.7
000000180 909C4 $$pOliver Zheng, Jason Poon, Konstantin Beznosov, "Application-Based TCP Hijacking," in Proceedings of the 2009 European Workshop on System Security, Nuremberg, Germany, ACM, 31 March 2009, pp. 9-15.
000000180 980__ $$aRefConfPaper