High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
copyright IOActive, Inc. 2006, all rightsreserved.
Staring Into The AbyssRevisiting Browser vs. MiddleboxAttacks In The Era Of Deep PacketInspectionDan KaminskyDirector of Penetration TestingIOActive, Inc.
Introduction
•Hi! I’m Dan.•Once upon a time, my talks were referred to as“Black Ops of TCP/IP” –These were fun talks! –Lets do more of that!
Context: The Rise of DPI
•Deep Packet Inspection: The attempt to extract endpoint contextfrom network traffic –This is always an attempt – only a very small percentage of what’s going on, hits the wire –Admittedly, an important percentage
•DPI is on the verge of a revolution –Hardware is getting much faster •Can be deployed at carrier network head ends –Software is getting much deeper •Can extract full GMail messages from a series of differentialAJAX updates (Narus) –Need (well, demand) is increasing•Legitimate – DDoS mitigation, larger scale firewalling, etc.
Sections
« prev | next »- Introduction
- Context: The Rise of DPI
- Is There Risk?
- Enter The Browser
- Browser Sockets
- Browser Socket Policy
- The Gap
- NAT Design
- Looking at FTP
- Context Gap
- We keep forgetting
- Wherefore Art Thou Local IP?
- NAT Suppressed
- Olsson’s Trick
- A Better Way
- My Trick
- What To Do About PORT?
- Who Said We Needed Sockets?
- POST History
- Analyzing Other Protocols
- Other Protocol Data
- Several Interesting Protocols
- Yes, that’s any address
- And Again, With Comments
- This isn’t a bug
- To Be Fair, This Isn’t Universal
- Vaguely Reminiscent
- Transparent Proxies Blinded
- Two Good Caching Policies
- One Terrifying Cache Policy
- Same Origin Policy Bypass
- Arbitrary TCP
- An Underlying Theme
- Not That It Matters
- Fingerprinting ALG’s
- Takeaways[0]
- Takeaways[1]
- Fixing Sockets?
- Fixing Proxies
- Seriously, home routers
- Is that it?
- O HAI CONGESTION COLLAPSE
- Can We Get TCP NAT2NAT?
- An Idea
- Conclusions
Add a Comment