TCP Spoofing: Reliable Payload Transmission Past the Spoofed TCP Handshake
Yepeng Pan, Christian Rossow
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4
In network security, **TCP spoofing** remains a persistent threat: an attacker establishes and uses a TCP connection while presenting a forged source IP address. Historically, the main motivation for such attacks has been to bypass IP-based authentication or to evade blocklists, both of which are common in systems such as mail servers enforcing SPF, PostgreSQL databases that verify the client's IP address, and firewalls that allow specific IP ranges to reach sensitive data. While modern operating systems have substantially improved the randomization of **Initial Sequence Numbers (ISNs)**, rendering traditional ISN-prediction attacks largely obsolete, the question of how to reliably inject payloads into a successfully spoofed connection has remained largely unaddressed.
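To make the ISN-randomization point concrete, here is an added example (not code from the paper or its authors) that contrasts a legacy counter-based ISN scheme with an RFC 6528-style keyed-hash scheme, ISN = M + F(localip, localport, remoteip, remoteport, secret), and includes the defender-side heuristic that an observable constant delta between consecutive ISNs means they are predictable. HMAC-SHA256 stands in for the kernel's keyed hash, the 64000 step and the addresses and ports are constructed values, and the clock is injectable so the output is reproducible; all of these are assumptions of the example.

```python
"""Legacy vs. RFC 6528-style ISN generation (added illustrative example)."""
import hashlib
import hmac
import secrets
import struct
import time
from ipaddress import ip_address

MASK32 = 0xFFFFFFFF


class LegacyISNGenerator:
    """Pre-randomization scheme: one global counter advanced by a fixed step
    for every new connection. Observing a single ISN reveals the following ones."""

    STEP = 64000  # constructed step size, in the spirit of old BSD-derived stacks

    def __init__(self, start=0):
        self._counter = start & MASK32

    def next_isn(self, laddr, lport, raddr, rport):
        # The connection 4-tuple is ignored entirely; that is the weakness.
        self._counter = (self._counter + self.STEP) & MASK32
        return self._counter


class Rfc6528ISNGenerator:
    """ISN = M + F(localip, localport, remoteip, remoteport, secret).
    M is a 4-microsecond clock; F is a keyed hash over the 4-tuple, so an
    off-path observer cannot derive the ISN of another connection."""

    def __init__(self, secret=None, clock=None):
        # HMAC-SHA256 is an assumption standing in for the kernel's keyed hash.
        self._secret = secret if secret is not None else secrets.token_bytes(32)
        # Injected clock (returns 4-us ticks) keeps the example deterministic.
        self._clock = clock

    def _m(self):
        if self._clock is not None:
            return self._clock() & MASK32
        return (time.monotonic_ns() // 4000) & MASK32

    def next_isn(self, laddr, lport, raddr, rport):
        blob = (ip_address(laddr).packed + struct.pack("!H", lport)
                + ip_address(raddr).packed + struct.pack("!H", rport))
        digest = hmac.new(self._secret, blob, hashlib.sha256).digest()
        f = int.from_bytes(digest[:4], "big")
        return (self._m() + f) & MASK32


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) & MASK32 for a, b in zip(isns, isns[1:])]


def looks_predictable(isns):
    """Defender-side heuristic: if every delta between consecutive ISNs is
    identical, anyone who sees one ISN can compute the rest."""
    deltas = isn_deltas(isns)
    return len(deltas) > 0 and len(set(deltas)) == 1


# Constructed sample connections: one server, four successive client ports
# (documentation address ranges from RFC 5737).
SAMPLE_TUPLES = [("192.0.2.10", 443, "198.51.100.7", p)
                 for p in (40000, 40001, 40002, 40003)]


def sample_isns(gen):
    """ISNs a stack using `gen` would hand out for SAMPLE_TUPLES, in order."""
    return [gen.next_isn(*t) for t in SAMPLE_TUPLES]


if __name__ == "__main__":
    legacy = sample_isns(LegacyISNGenerator())
    modern = sample_isns(Rfc6528ISNGenerator(clock=lambda: 12345))
    print("legacy ISNs  ", legacy, "predictable:", looks_predictable(legacy))
    print("RFC 6528 ISNs", modern, "predictable:", looks_predictable(modern))
```

Running the block prints the legacy sequence 64000, 128000, 192000, 256000 flagged as predictable, and four keyed-hash ISNs with no usable relationship between them; with a fixed secret and clock the modern generator is still deterministic per 4-tuple, which is what RFC 6528 intends, since the secret rather than the sequence is what stays hidden.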
AI review
This research rips open TCP spoofing, moving it from theoretical to practically devastating. The "ghost ACKs" and various feedback channels for ISN discovery are novel, demonstrating a sophisticated understanding of protocol nuances and application-layer vulnerabilities. This work will force a re-evaluation of IP-based authentication and critical infrastructure defenses.