TCP injection attacks in the wild: A large scale case study
In this work we present a very large-scale survey of Internet traffic that studies the practice of false content injection on the web. We examined more than 1.5 petabits of data from over 1.5 million distinct IP addresses. Earlier this year we showed that false content injection is practiced by network operators for commercial purposes. These network operators inject advertisements and malware into webpages viewed by potentially ALL users on the Internet.
In this presentation we recap the injections we discovered earlier this year and show them in detail. Additionally, we shall show new types of non-commercial injections, identify the injectors behind them and discuss their modi operandi. Finally, we shall discuss in detail the analysis of a targeted injection attack against an American website.
The attacks we discovered are carried out using out-of-band TCP injection of false packets (rather than in-band alteration of the original packets). This is what actually allowed us to detect the injection events in the first place. We also present a novel client-side tool to mitigate such attacks that has minimal performance impact.
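An added example, not the authors' tool or code from the talk: an out-of-band injector cannot remove the server's genuine packet, so the client ends up receiving two segments that cover the same sequence range with different bytes. The Python below flags such pairs in one direction of a flow; `find_conflicts`, the flow tuples, addresses and payloads are all hypothetical, constructed sample data.

```python
"""Flag TCP segments that cover the same sequence range with different bytes."""
from collections import defaultdict

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def signed_delta(a, b):
    """Distance from b to a in sequence space, wrap-aware (-2^31 .. 2^31)."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d

def find_conflicts(segments):
    """segments: (flow, seq, payload) tuples for one direction, in arrival order.
    Returns one record per overlapping pair whose overlapping bytes differ."""
    seen = defaultdict(list)   # flow -> [(seq, payload), ...] already received
    conflicts = []
    for flow, seq, payload in segments:
        for old_seq, old_payload in seen[flow]:
            delta = signed_delta(seq, old_seq)   # new start relative to old start
            lo = max(0, delta)
            hi = min(len(old_payload), delta + len(payload))
            if lo >= hi:
                continue                          # ranges do not overlap
            first = old_payload[lo:hi]
            later = payload[lo - delta:hi - delta]
            if first != later:                    # equal bytes = plain retransmission
                conflicts.append({"flow": flow, "seq": (old_seq + lo) % MOD,
                                  "first": first, "later": later})
        seen[flow].append((seq, payload))
    return conflicts

# Constructed sample traffic (documentation addresses, not data from the study).
WEB = ("198.51.100.7", 80, "192.0.2.10", 51514)
CDN = ("198.51.100.9", 80, "192.0.2.10", 51520)
SAMPLE = [
    (WEB, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://ads.example/\r\n\r\n"),  # arrives first
    (WEB, 1000, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),     # same seq, other bytes
    (CDN, MOD - 4, b"abcdefgh"),   # spans the 32-bit wrap
    (CDN, MOD - 4, b"abcdefgh"),   # benign retransmission, identical bytes
    (CDN, 0, b"efghijkl"),         # partial overlap, consistent bytes
]

if __name__ == "__main__":
    for c in find_conflicts(SAMPLE):
        print(c["flow"], c["seq"], c["first"][:18], "vs", c["later"][:18])
```

Identical retransmissions and consistent partial overlaps are ignored, so only the pair whose bytes disagree is reported.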
Speakers
Gabi Nakibly
Gabi Nakibly is a network security research leader at the National Cyber and Electronics Research Center at Rafael Advanced Defense Systems (an aerospace and defense company). Gabi has a track record of more than a decade of high-end security research. He holds a PhD in computer science (Technion) and is an adjunct lecturer and researcher at the Technion. Gabi was a visiting scholar at Stanford University and is an active speaker at top security conferences: Black Hat USA, Black Hat Europe, RSA Conference.