{"id":"https://openalex.org/W4416549439","doi":"https://doi.org/10.1145/3719027.3744888","title":"Off-Path TCP Exploits: PMTUD Breaks TCP Connection Isolation in IP Address Sharing Scenarios","display_name":"Off-Path TCP Exploits: PMTUD Breaks TCP Connection Isolation in IP Address Sharing Scenarios","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549439","doi":"https://doi.org/10.1145/3719027.3744888"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3744888","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3744888","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3719027.3744888","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101743396","display_name":"Xuewei Feng","orcid":"https://orcid.org/0000-0003-3736-6623"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuewei Feng","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-3736-6623","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030816896","display_name":"Z. F. Li","orcid":"https://orcid.org/0009-0008-3890-8133"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhaoxi Li","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0008-3890-8133","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100350165","display_name":"Qi Li","orcid":"https://orcid.org/0000-0001-8776-8730"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Li","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-8776-8730","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400481","display_name":"Ziqiang Wang","orcid":"https://orcid.org/0000-0003-0216-4968"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ziqiang Wang","raw_affiliation_strings":["Southeast University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0003-0216-4968","affiliations":[{"raw_affiliation_string":"Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026728546","display_name":"Kun Sun","orcid":"https://orcid.org/0000-0003-4152-2107"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kun Sun","raw_affiliation_strings":["George Mason University, Fairfax, Virginia, USA"],"raw_orcid":"https://orcid.org/0000-0003-4152-2107","affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, Virginia, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100665814","display_name":"Ke Xu","orcid":"https://orcid.org/0000-0003-2587-8517"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ke Xu","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-2587-8517","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"4574","last_page":"4587"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.40860000252723694,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.40860000252723694,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.17000000178813934,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10138","display_name":"Network Traffic and Congestion Control","score":0.14380000531673431,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/tcp-hole-punching","display_name":"TCP hole punching","score":0.722100019454956},{"id":"https://openalex.org/keywords/ip-address-management","display_name":"IP address management","score":0.6589000225067139},{"id":"https://openalex.org/keywords/network-address-translation","display_name":"Network address translation","score":0.5978000164031982},{"id":"https://openalex.org/keywords/ip-address","display_name":"Ip address","score":0.5745999813079834},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5156999826431274},{"id":"https://openalex.org/keywords/arp-spoofing","display_name":"ARP spoofing","score":0.5092999935150146},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.489300012588501},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.48660001158714294},{"id":"https://openalex.org/keywords/internet-protocol-suite","display_name":"Internet protocol suite","score":0.461899995803833},{"id":"https://openalex.org/keywords/nat-traversal","display_name":"NAT traversal","score":0.4560000002384186}],"concepts":[{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.7299000024795532},{"id":"https://openalex.org/C190362163","wikidata":"https://www.wikidata.org/wiki/Q7669759","display_name":"TCP hole punching","level":5,"score":0.722100019454956},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7218000292778015},{"id":"https://openalex.org/C201980515","wikidata":"https://www.wikidata.org/wiki/Q13219707","display_name":"IP address management","level":4,"score":0.6589000225067139},{"id":"https://openalex.org/C147873670","wikidata":"https://www.wikidata.org/wiki/Q11182","display_name":"Network address translation","level":4,"score":0.5978000164031982},{"id":"https://openalex.org/C2985371682","wikidata":"https://www.wikidata.org/wiki/Q11135","display_name":"Ip address","level":2,"score":0.5745999813079834},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5717999935150146},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5156999826431274},{"id":"https://openalex.org/C86255107","wikidata":"https://www.wikidata.org/wiki/Q296847","display_name":"ARP spoofing","level":5,"score":0.5092999935150146},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.489300012588501},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.48660001158714294},{"id":"https://openalex.org/C65567647","wikidata":"https://www.wikidata.org/wiki/Q81414","display_name":"Internet protocol suite","level":3,"score":0.461899995803833},{"id":"https://openalex.org/C113707754","wikidata":"https://www.wikidata.org/wiki/Q581558","display_name":"NAT traversal","level":5,"score":0.4560000002384186},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.42160001397132874},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4099999964237213},{"id":"https://openalex.org/C2776599810","wikidata":"https://www.wikidata.org/wiki/Q4418000","display_name":"Network address","level":2,"score":0.3840999901294708},{"id":"https://openalex.org/C35341882","wikidata":"https://www.wikidata.org/wiki/Q8795","display_name":"Internet Protocol","level":3,"score":0.3799000084400177},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.3779999911785126},{"id":"https://openalex.org/C10790986","wikidata":"https://www.wikidata.org/wiki/Q442343","display_name":"IP tunnel","level":4,"score":0.3684999942779541},{"id":"https://openalex.org/C33588617","wikidata":"https://www.wikidata.org/wiki/Q8803","display_name":"Transmission Control Protocol","level":3,"score":0.35600000619888306},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.3375000059604645},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.33559998869895935},{"id":"https://openalex.org/C111814575","wikidata":"https://www.wikidata.org/wiki/Q550893","display_name":"IP address spoofing","level":5,"score":0.33169999718666077},{"id":"https://openalex.org/C174809319","wikidata":"https://www.wikidata.org/wiki/Q5973191","display_name":"IP forwarding","level":5,"score":0.32659998536109924},{"id":"https://openalex.org/C30305156","wikidata":"https://www.wikidata.org/wiki/Q8069697","display_name":"Zeta-TCP","level":4,"score":0.30790001153945923},{"id":"https://openalex.org/C67396069","wikidata":"https://www.wikidata.org/wiki/Q210214","display_name":"IPsec","level":3,"score":0.29910001158714294},{"id":"https://openalex.org/C63969886","wikidata":"https://www.wikidata.org/wiki/Q3536440","display_name":"Internet traffic","level":3,"score":0.29280000925064087},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.2773999869823456},{"id":"https://openalex.org/C169485995","wikidata":"https://www.wikidata.org/wiki/Q42283","display_name":"File Transfer Protocol","level":3,"score":0.2759000062942505},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.262800008058548},{"id":"https://openalex.org/C2777321455","wikidata":"https://www.wikidata.org/wiki/Q20484","display_name":"MAC address","level":2,"score":0.2599000036716461},{"id":"https://openalex.org/C2777672014","wikidata":"https://www.wikidata.org/wiki/Q1172573","display_name":"Web traffic","level":3,"score":0.2596000134944916},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.2531000077724457},{"id":"https://openalex.org/C157626507","wikidata":"https://www.wikidata.org/wiki/Q7935037","display_name":"Virtual routing and forwarding","level":5,"score":0.25189998745918274}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3744888","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3744888","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3719027.3744888","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3744888","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1590810061","https://openalex.org/W1867219652","https://openalex.org/W1920802909","https://openalex.org/W2031047917","https://openalex.org/W2041188073","https://openalex.org/W2081464537","https://openalex.org/W2117175761","https://openalex.org/W2239534643","https://openalex.org/W2274774510","https://openalex.org/W2291334853","https://openalex.org/W2293529464","https://openalex.org/W2790127834","https://openalex.org/W2889555490","https://openalex.org/W2985610488","https://openalex.org/W2988979713","https://openalex.org/W3007904168","https://openalex.org/W3204548492","https://openalex.org/W4225710959","https://openalex.org/W4243835522","https://openalex.org/W4299687996","https://openalex.org/W4391725267"],"related_works":[],"abstract_inverted_index":{"Path":[0],"MTU":[1,66],"Discovery":[2],"(PMTUD)":[3],"and":[4,198,225,244,246],"IP":[5,31,44,75,109,144,219],"address":[6,32,45,76,220],"sharing":[7,33,106],"are":[8],"integral":[9],"aspects":[10],"of":[11,29,98,126,152,161,181,188],"modern":[12],"Internet":[13],"infrastructure.":[14],"In":[15],"this":[16],"paper,":[17],"we":[18,210,231],"investigate":[19],"the":[20,27,64,85,95,107,114,124,127,142,149,153,159,172,202,234],"security":[21,125],"vulnerabilities":[22,48],"associated":[23],"with":[24,89,218],"PMTUD":[25,38],"within":[26,177],"context":[28],"prevalent":[30],"practices.":[34],"We":[35,59,156],"reveal":[36,170],"that":[37,49,61,171],"is":[39],"inadequately":[40],"designed":[41],"to":[42,53,116,206],"handle":[43],"sharing,":[46],"creating":[47],"attackers":[50],"can":[51,93,174],"exploit":[52],"perform":[54,117],"off-path":[55,82,118],"TCP":[56,99,119,129,138],"hijacking":[57,120],"attacks.":[58],"demonstrate":[60],"by":[62,69,102,147],"observing":[63],"path":[65],"value":[67],"determined":[68],"a":[70,73,90,136,185],"server":[71],"for":[72],"public":[74,222],"(shared":[77],"among":[78],"multiple":[79],"devices),":[80],"an":[81,178],"attacker":[83,115],"on":[84],"Internet,":[86],"in":[87],"collaboration":[88],"malicious":[91],"device,":[92],"infer":[94],"sequence":[96,150],"numbers":[97,151],"connections":[100],"established":[101],"other":[103],"legitimate":[104],"devices":[105],"same":[108],"address.":[110],"This":[111],"vulnerability":[112],"enables":[113],"attacks,":[121],"significantly":[122],"compromising":[123],"affected":[128],"connections.":[130],"Our":[131],"attack":[132,163,173,213],"involves":[133],"first":[134],"identifying":[135],"target":[137],"connection":[139],"originating":[140],"from":[141,238],"shared":[143],"address,":[145],"followed":[146],"inferring":[148],"identified":[154],"connection.":[155],"thoroughly":[157],"assess":[158],"impacts":[160],"our":[162,212,248],"under":[164],"various":[165,207],"network":[166],"configurations.":[167],"Experimental":[168],"results":[169],"be":[175],"executed":[176],"average":[179],"time":[180],"220":[182],"seconds,":[183],"achieving":[184],"success":[186],"rate":[187],"70%.":[189],"Case":[190],"studies,":[191],"including":[192],"SSH":[193],"DoS,":[194],"FTP":[195],"traffic":[196],"poisoning,":[197],"HTTP":[199],"injection,":[200],"highlight":[201],"threat":[203],"it":[204],"poses":[205],"applications.":[208],"Additionally,":[209],"evaluate":[211],"across":[214],"50":[215],"real-world":[216],"networks":[217],"sharing---including":[221],"Wi-Fi,":[223],"VPNs,":[224],"5G---and":[226],"find":[227],"38":[228],"vulnerable.":[229],"Finally,":[230],"responsibly":[232],"disclose":[233],"vulnerabilities,":[235],"receive":[236],"recognition":[237],"organizations":[239],"such":[240],"as":[241],"IETF,":[242],"Linux,":[243],"Cisco,":[245],"propose":[247],"countermeasures.":[249]},"counts_by_year":[],"updated_date":"2026-07-15T18:14:33.161393","created_date":"2025-11-23T00:00:00"}
