Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROSEC
2009
ACM
2009
ACM
Application-based TCP hijacking
We present application-based TCP hijacking (ABTH), a new attack on TCP applications that exploits flaws due to the interplay between TCP and application protocols to inject data into an application session without either server or client applications noticing the spoofing attack. Following the injection of a TCP packet, ABTH resynchronizes the TCP stacks of both the server and the client. To evaluate the feasibility and effectiveness of ABTH, we developed a tool that allows impersonating users of Windows Live Messenger in the matter of few seconds. Due to its generic nature, ABTH can be mounted on a variety of modern protocols for TCP-based applications. Countermeasures to thwart and/or limit the effectiveness of ABTH could include strict Ethernet switching and cryptographic protection of messages. However, the former cannot be guaranteed by the application provider and the latter appears to be still prohibitively expensive for such large-scale applications with hundreds of millio...
Real-time TrafficApplication Protocols | Application-based Tcp | EUROSEC 2009 | Security Privacy | Windows Live Messenger |
| Added | 19 May 2010 |
| Updated | 19 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | EUROSEC |
| Authors | Oliver Zheng, Jason Poon, Konstantin Beznosov |
Comments (0)
Researcher Info
|
