Page MenuHomeFreeBSD

tcp: mitigate a side channel for detection of TCP connections
ClosedPublic

Authored by tuexen on Aug 4 2025, 6:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jul 14, 11:43 PM
Unknown Object (File)
Mon, Jul 13, 12:29 AM
Unknown Object (File)
Sun, Jul 12, 2:00 PM
Unknown Object (File)
Fri, Jul 10, 4:53 AM
Unknown Object (File)
Tue, Jul 7, 10:55 PM
Unknown Object (File)
Fri, Jun 26, 10:44 PM
Unknown Object (File)
Wed, Jun 24, 6:13 PM
Unknown Object (File)
Mon, Jun 22, 5:29 PM

Details

Summary

If a blind attacker wants to guess by sending ACK segments if there exists a TCP connection , this might trigger a challenge ACK on an existing TCP connection. To make this hit non-observable for the attacker, also increment the global counter, which would have been incremented if it would have been a non-hit.
This issue was reported as issue number 11 in Keyu Man et al.: SCAD: Towards a Universal and Automated Network Side-Channel Vulnerability Detection

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable