Weaponizing Network Side Channels: From TCP Hijacking to DNS Cache Poisoning

Side channel attacks were never considered as part of the threat model when network protocols were designed. Even today, the impact of network side channels is vastly underestimated. Exploiting network side channels have been considered challenging, if not infeasible, due to its nature of being remote. In this talk, I will demonstrate a series of surprisingly powerful attacks where a blind off-path attacker can use side channels to hijack arbitrary remote TCP connections, as well as launch DNS cache poisoning attacks against popular DNS services. I will also give insights on how to systematically discover such problems.