Oct. 11, 2022, 1:20 a.m. | Moshe Kol, Amit Klein, Yossi Gilad

cs.CR updates on arXiv.org arxiv.org

We describe a tracking technique for Linux devices, exploiting a new TCP
source port generation mechanism recently introduced to the Linux kernel. This
mechanism is based on an algorithm, standardized in RFC 6056, for boosting
security by better randomizing port selection. Our technique detects collisions
in a hash function used in the said algorithm, based on sampling TCP source
ports generated in an attacker-prescribed manner. These hash collisions depend
solely on a per-device key, and thus the set of collisions …

algorithm device device tracking linux port tcp tracking version

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

Information Systems Security Officer (ISSO) (Remote within HR Virginia area)

@ OneZero Solutions | Portsmouth, VA, USA

Security Analyst

@ UNDP | Tripoli (LBY), Libya

Senior Incident Response Consultant

@ Google | United Kingdom

Product Manager II, Threat Intelligence, Google Cloud

@ Google | Austin, TX, USA; Reston, VA, USA

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India