TCP Spoofing: Reliable Payload Transmission Past the Spoofed TCP Handshake

Yepeng Pan, Christian Rossow

IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4

This talk, "TCP Spoofing: Reliable Payload Transmission Past the Spoofed TCP Handshake," presented by Yepeng Pan and Christian Rossow at IEEE S&P, examines advanced techniques for exploiting TCP spoofing. Traditional TCP spoofing attacks have focused primarily on establishing a connection by predicting or brute-forcing the server's Initial Sequence Number (ISN); this research addresses the far harder problem of reliably transmitting arbitrary payloads *after* the handshake is complete. The motivation for such an attack is to bypass IP-based authentication and blocklisting mechanisms, which remain widely used in systems ranging from email (Sender Policy Framework, SPF) to databases (e.g., PostgreSQL's IP-based user verification) and network access controls.

AI review

This research obliterates the illusion that TCP spoofing is limited to connection establishment. The "ghost ACK" vulnerability and the ingenious feedback channels, particularly via SMTP, enable reliable payload transmission, fundamentally compromising IP-based authentication. This is critical, actionable intelligence for any defender.
