
The transmission control protocol/Internet protocol (TCP/IP) suite has been the backbone of the Internet since the 1970s. This suite of protocols operates in five distinct layers; however, the Internet control message protocol (ICMP), which sits in the Internet layer and is used for reporting errors and management queries, can induce cross-layer interactions within the TCP/IP stack, exposing vulnerabilities that attackers can exploit.
Feng et al. discuss how these interactions are vulnerable to off-path attacks. They cover issues such as information leakage, the manipulation of IP packet IDs to establish side channels for the injection of fake TCP packets, the resetting of encrypted transport layer security (TLS) connections (effectively a denial-of-service attack), and the manipulation of the path maximum transmission unit discovery (PMTUD) process to inject fake TCP fragments and thereby poison TCP connections.
The findings also cover a common limitation of Wi-Fi access point routers: their network processing unit (NPU) cannot verify the authenticity of Wi-Fi packets, which leaves them vulnerable to identity deception and unable to block forged ICMP redirects. The authors also describe their experimental survey of Internet websites, which found that a large number were vulnerable to DoS attacks through the semantic-gap vulnerability in the ICMP error message's legitimacy check mechanism.
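As an added illustration (not code from Feng et al. or from the reviewed paper), the following Python sketch shows the kind of legitimacy check a receiver applies to an ICMP error before acting on it, and two hardening steps that narrow the semantic gap described above: validating the quoted TCP sequence number against the connection's send window (the check RFC 5927 recommends) and refusing implausibly small next-hop MTUs in Fragmentation Needed messages. The connection table, addresses and packets are constructed for the example; checksums are not verified.

```python
import struct
from ipaddress import ip_address

# Constructed connection table as a host's TCP stack might keep it:
# (local_ip, local_port, remote_ip, remote_port) -> (snd_una, snd_nxt). Made-up values.
CONNECTIONS = {("192.0.2.10", 44321, "198.51.100.5", 443): (1000, 1500)}
MIN_PLAUSIBLE_MTU = 576  # IPv4 minimum; a smaller "next-hop MTU" is a red flag

def parse_icmp_error(pkt):
    """Parse outer IPv4 + ICMP error + quoted inner IPv4/TCP header, else None."""
    if len(pkt) < 20 or pkt[9] != 1:  # outer packet must carry ICMP
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(icmp) < 36 or icmp[0] not in (3, 5, 11, 12):  # ICMP error types only
        return None
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 6 or len(inner) < inner_ihl + 8:  # RFC 792: 8 bytes of L4 quoted
        return None
    sport, dport, seq = struct.unpack("!HHI", inner[inner_ihl:inner_ihl + 8])
    return {"type": icmp[0], "code": icmp[1], "seq": seq,
            "mtu": struct.unpack("!H", icmp[6:8])[0],  # meaningful only for type 3/code 4
            "flow": (str(ip_address(inner[12:16])), sport,
                     str(ip_address(inner[16:20])), dport)}

def classify(pkt, connections=CONNECTIONS):
    """Flow lookup (the check the semantic gap targets) plus two hardening
    steps: RFC 5927 sequence-number validation and a floor on advertised MTU."""
    info = parse_icmp_error(pkt)
    if info is None:
        return "ignore"
    window = connections.get(info["flow"])
    if window is None:
        return "drop: quoted flow matches no tracked connection"
    if not (window[0] <= info["seq"] < window[1]):  # quoted segment never in flight
        return "drop: quoted sequence number outside send window"
    if (info["type"], info["code"]) == (3, 4) and info["mtu"] < MIN_PLAUSIBLE_MTU:
        return "drop: implausible next-hop MTU %d" % info["mtu"]
    return "accept"

def build_icmp_error(itype, icode, mtu, flow, seq):
    """Construct a test packet (not captured traffic); checksums left as zero."""
    src, sport, dst, dport = flow
    inner = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                         ip_address(src).packed, ip_address(dst).packed)
             + struct.pack("!HHI", sport, dport, seq))
    icmp = struct.pack("!BBHHH", itype, icode, 0, 0, mtu) + inner
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                       ip_address("203.0.113.1").packed, ip_address(src).packed) + icmp
```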
Feng et al. suggest countermeasures and include their conclusions and thorough references. The article is an interesting investigation into an important area of Internet security that deserves continued work.