Subverting Stateful Firewalls with Protocol States (Extended Version)

12/17/2021
by Amit Klein, et al.

We analyzed the generation of protocol header fields in the implementations of multiple TCP/IP network stacks and found new ways to leak information about global protocol states. We then demonstrated new covert channels by remotely observing and modifying the system's global state via these protocol fields. Unlike earlier works, our research focuses on hosts that reside in firewalled networks (including source address validation, SAV), which is a very common scenario nowadays. Our attacks are designed to be non-disruptive: in the exfiltration scenario, this makes the attacks stealthier and thus extends their longevity, and in the case of host alias resolution and similar techniques, this ensures the techniques are ethical. We focused on ICMP, which is commonly served by firewalls, and on UDP, which is forecast to take a more prominent share of Internet traffic with the advent of HTTP/3 and QUIC, though we report results for TCP as well. The information leakage scenarios we discovered enable the construction of practical covert channels which directly pierce firewalls, or indirectly establish communication via hosts in firewalled networks that also employ SAV. We describe and test three novel attacks in this context: exfiltration via the firewall itself, exfiltration via a DMZ host, and exfiltration via co-resident containers. These are three generic, new use cases for covert channels that work around firewalling and enable devices that are not allowed direct communication with the Internet to still exfiltrate data out of the network. In other words, we exfiltrate data from isolated networks to the Internet. We also explain how to mount known attacks such as host alias resolution, de-NATting and container co-residence detection, using the new information leakage techniques.
