Detecting QUANTUMINSERT

Post Reply
User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Detecting QUANTUMINSERT

Post by Pigeon » Fri May 08, 2015 7:25 pm

Detecting QUANTUMINSERT - detecting Mam-in-the-side attacks

But hidden within another document leaked by Snowden was a slide that provided a few hints about detecting Quantum Insert attacks, which prompted the Fox-IT researchers to test a method that ultimately proved to be successful. They set up a controlled environment and launched a number of Quantum Insert attacks against their own machines to analyze the packets and devise a detection method.

According to the Snowden document, the secret lies in analyzing the first content-carrying packets that come back to a browser in response to its GET request. One of the packets will contain content for the rogue page; the other will be content for the legitimate site sent from a legitimate server. Both packets, however, will have the same sequence number. That, it turns out, is a dead giveaway.

Here's why: When your browser sends a GET request to pull up a web page, it sends out a packet containing a variety of information, including the source and destination IP address of the browser as well as so-called sequence and acknowledge numbers, or ACK numbers. The responding server sends back a response in the form of a series of packets, each with the same ACK number as well as a sequential number so that the series of packets can be reconstructed by the browser as each packet arrives to render the web page.

But when the NSA or another attacker launches a Quantum Insert attack, the victim's machine receives duplicate TCP packets with the same sequence number but with a different payload. "The first TCP packet will be the 'inserted' one while the other is from the real server, but will be ignored by the [browser]," the researchers note in their blog post. "Of course it could also be the other way around; if the QI failed because it lost the race with the real server response."

Although it's possible that in some cases a browser will receive two packets with the same sequence number from a legitimate server, they will still contain the same general content; a Quantum Insert packet, however, will have content with significant differences.

Link


User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Detecting QUANTUMINSERT

Post by Royal » Wed Jun 29, 2016 4:14 am

Achernar /ˈeɪkərnɑːr/ (α Eri, α Eridani, Alpha Eridani), sometimes spelled Achenar, is the brightest star in the constellation Eridanus and the tenth-brightest star in the night sky. Of the ten apparent brightest stars in the nighttime sky, Achernar is the hottest and bluest in color, being of spectral type B.[nb 1] Lying at the southern tip of Eridanus, the star has an unusually rapid rotational velocity, causing it to become oblate in shape. Achernar is actually a binary star system,[6] with the second star known as Achernar B. The second star is smaller and orbits Achernar A at a distance of roughly 12 astronomical units (AU). Achernar B is of spectral type A.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Detecting QUANTUMINSERT

Post by Pigeon » Wed Jun 29, 2016 4:33 am

The Eridani pirates are the worst, per spacepigeon.org. Keep you distance.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Detecting QUANTUMINSERT

Post by Royal » Wed Jun 29, 2016 4:39 am

They took interest to my late night smoke.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Detecting QUANTUMINSERT

Post by Pigeon » Wed Jun 29, 2016 4:44 am

I hear they prefer Pall Mall.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Detecting QUANTUMINSERT

Post by Pigeon » Wed Jun 29, 2016 4:59 am

Have you seen any odd things in the night sky lately.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Detecting QUANTUMINSERT

Post by Royal » Wed Jun 29, 2016 5:07 am

There was a normal opening in the sky with one star perfectly centered. Seconds after noticing, a flash, popping noise from the busy area blocks away.

Interested in the star, I downloaded a star app to lookup the star that was there. It's presumed to be Achernar of the Eridanus System.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Detecting QUANTUMINSERT

Post by Pigeon » Wed Jun 29, 2016 5:13 am

Achernar is a very peculiar star because it is one of the flattest stars known. Observations indicate that its radius is about 50% larger at the equator than at the poles. This distortion occurs because the star is spinning extremely rapidly.

The Eridanus Supervoid is a large supervoid (an area of the universe devoid of galaxies) discovered as of 2007. At a diameter of about one billion light years it is the second largest known void, superseded only by the Giant Void in Canes Venatici. It was discovered by linking a "cold spot" in the cosmic microwave background to an absence of radio galaxies in data of the United States National Radio Astronomy Observatory's Very Large Array Sky Survey. There is some speculation that the void may be due to quantum entanglement between our universe and another.

Interesting.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Detecting QUANTUMINSERT

Post by Royal » Wed Jun 29, 2016 5:23 am

The rabbit hole... widens?

Post Reply