What's new

SnailLoad TCP/IP Attack

  • Thread starter Deleted member 77025
  • Start date
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

Deleted member 77025

Guest
SnailLoad exploits a bottleneck present on all Internet connections.
This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection.
An attacker can use this information to infer websites a user visits or videos a user watches.

Am I affected by this bug? Should I worry?
We believe that most Internet connections are affected. However, at this time it is unlikely that SnailLoad is exploited in the wild. SnailLoad exploits bandwidth bottlenecks close to your device. Typically, the bandwidth bottleneck is your personal internet connection, as it has a much lower bandwidth than backbone infrastructure. Our user-study with 10 home internet connections shows that our video-fingerprinting attack works on all of the tested connections, with varying accuracies between 37% and 98%.
My router does not respond to pings, am I safe?
No, because TCP ACKs carry the same information.

Why can't we disable TCP ACKs?
ACKs are fundamental for reliable data transmission via TCP. When transmitting TCP packets, the sender expects the receiver to send ACKs to confirm that the packet arrived. This ensures that packets are retransmitted if they are lost. Removing the ACK mechanism from the TCP protocol would effectively remove its reliability guarantee and hence its core feature. Apart from that, changing the behavior of an ubiquitous protocol like TCP is just impractical for compatibility reasons.

What about mitigations?
Mitigating SnailLoad is not trivial. The root cause of SnailLoad are bandwidth differences between backbone and end-user connections. To provide a suitable bandwidth to multiple users simultaneously, the backbone network infrastructure has to have a higher bandwidth than the connections of the individual users. Hence, the root cause cannot be eliminated and further research is necessary to find satisfying solutions.

Why is it called SnailLoad?
The attack masquerades as a download of a file or any website component (like a style sheet, a font, an image or an advertisement). The attacking server sends out the file at a snail's pace, to monitor the connection latency over an extended period of time. Apart from being slow, SnailLoad, just like a snail, leaves traces and is a little bit creepy.

Source:
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top