Sciweavers

NDSS
2009
IEEE

Detecting Forged TCP Reset Packets

14 years 6 months ago
Detecting Forged TCP Reset Packets
Several off-the-shelf products enable network operators to enforce usage restrictions by actively terminating connections when deemed undesirable. While the spectrum of their application is large—from ISPs limiting the usage of P2P applications to the “Great Firewall of China”—many of these systems implement the same approach to disrupt the communication: they inject artificial TCP Reset (RST) packets into the network, causing the endpoints to shut down communication upon receipt. In this work, we study the characteristics of packets injected by such traffic control devices. We show that by exploiting the race-conditions that out-of-band devices inevitably face, we not only can detect the interference but often also fingerprint the specific device in use. We develop an efficient injection detector and demonstrate its effectiveness by identifying a range of disruptive activity seen in traces from four different sites, including termination of P2P connections, anti-spam and...
Nicholas Weaver, Robin Sommer, Vern Paxson
Added 21 May 2010
Updated 21 May 2010
Type Conference
Year 2009
Where NDSS
Authors Nicholas Weaver, Robin Sommer, Vern Paxson
Comments (0)