7 votes Weaponizing Middleboxes for TCP Reflected Amplification

Posted September 16, 2021 by Happy_Shredder
Tags: internet, censorship, cyberweapons
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
Published Aug 12 2021. Word count: 2836 words.

2 comments

Happy_Shredder (OP) September 16, 2021

Summary: We discover a new way that attackers could launch reflected denial of service (DoS) amplification attacks over TCP by abusing middleboxes and censorship infrastructure. These attacks can produce orders of magnitude more amplification than existing UDP-based attacks. This is the first reflected amplification attack over TCP that goes beyond sending SYN packets and the first HTTP-based reflected amplification attack. We found multiple types of middlebox misconfiguration in the wild that can lead to technically infinite amplification for the attacker: by sending a single packet, the attacker can initiate an endless stream of packets to the victim. Collectively, our results show that censorship infrastructure poses a greater threat to the broader Internet than previously understood. Even benign deployments of firewalls and intrusion prevention systems in non-censoring nation-states can be weaponized using the techniques we discovered.

1 vote FlippantGod September 16, 2021

Oh, they targeted implementations of TCP, rather than the protocol itself. I was wondering how they spoofed ACK.