TCP SYN Cookie Vulnerability
This addresses a security flaw in a widely used TCP mechanism, potentially impacting network security and reliability.
The paper identifies a vulnerability in TCP SYN Cookies, which were designed to mitigate DoS attacks by avoiding server storage for half-open connections, allowing attackers to guess the initial sequence number to spoof connections or plant false logs.
TCP SYN Cookies were implemented to mitigate against DoS attacks. It ensured that the server did not have to store any information for half-open connections. A SYN cookie contains all information required by the server to know the request is valid. However, the usage of these cookies introduces a vulnerability that allows an attacker to guess the initial sequence number and use that to spoof a connection or plant false logs.