Skip to content

A PoC demonstrating techniques exploiting CVE-2016-5696 Off-Path TCP Exploits: Global Rate Limit Considered Dangerous

Notifications You must be signed in to change notification settings

Gnoxter/mountain_goat

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Hi, I'm a mountain goat and I'm going to ram your TCP connections, because that's a pretty goat thing to do.

Me doing goat things

This is a PoC demonstrating techniques exploiting CVE-2016-5696 Off-Path TCP Exploits: Global Rate Limit Considered Dangerous by Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel presented at USENIX 25th Security Symposium.

This is not a complete implementation of the traffic injection attack. Its merely an implementation up to the inference of the current clients sequence number window. Due to the timing dependend nature it may need additional tuning depening on the host to properly function.

THE SOFTWARE IS FOR EDUCATIONAL AND RESEARCH PURPOSES. IT MAY CAUSE UNEXPECTED AND UNDESIRABLE BEHAVIOUR TO OCCUR AND MAY DISTRUPT NORMAL OPERATION OF MACHINES AND NETWORK EQUIPMENT. IT IS THE USERS RESPONSIBILITY TO ENSURE AN EDQUATE ENVIRONMENT THAT DOES NOT AFFECT ANY THIRD PARTY.

THE SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSE OR IMPLIED WARRANTIES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

About

A PoC demonstrating techniques exploiting CVE-2016-5696 Off-Path TCP Exploits: Global Rate Limit Considered Dangerous

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published