TCP Injection Attacks in the Wild - A Large Scale Study

Explore a comprehensive analysis of TCP injection attacks in this 39-minute Black Hat conference talk. Delve into a large-scale survey of Internet traffic examining false content injections on the web, covering over 1.5 Peta-bits of data from more than 1.5 million distinct IP addresses. Learn about commercial and non-commercial injections, including advertisements and malware, practiced by network operators. Discover the methods used to detect these out-of-band TCP injections and understand their impact on potentially all Internet users. Examine specific injection cases, including a targeted attack against an American website, and gain insights into the identities and motivations of the injectors. Explore a novel client-side tool designed to mitigate such attacks with minimal performance impact. Gain valuable knowledge about TCP injection definitions, detection methods, and the distinction between edge and non-edge network operator injections.

Intro
INTRODUCTION
TCP INJECTION - DEFINITION
TCP INJECTION IS NOT NEWI
TCP INJECTION - MODUS OPERANDI
TCP INJECTION DETECTION
OUT-OF-BAND INJECTIONS
AD INJECTION
EDGE VS. NON-EDGE NETWORK OPERATOR INJECTIONS
'JIATHIS' INJECTION
MALICIOUS INJECTION
'GPWA INJECTION (CONT.)
NON-COMMERCIAL INJECTIONS
REPRODUCING THE INJECTIONS
WHO ARE BEHIND THE
INJECTIONS (CONT.)
THE SUSPICIOUS AUTONOMOUS SYSTEMS
CLIENT-SIDE MITIGATIONS (CONT.)
TO CONCLUDE - BLACK HAT SOUND BYTES