Zum Inhalt springen

Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers

Author: Thimmaraju, K., & Scheuermann, B.
Published in: NetSys ’21: Conference on Networked Systems / Electronic Communications of the EASST, 80
Year: 2021
Type: Academic articles
DOI: http://dx.doi.org/10.14279/tuj.eceasst.80.1172

QUIC is a new transport protocol over UDP which is recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that either uses Round Robin or Hashing.

Visit publication

Publication

Connected HIIG researchers

Björn Scheuermann, Prof. Dr.

Assoziierter Forschungsdirektor

Aktuelle HIIG-Aktivitäten entdecken

Forschungsthemen im Fokus

Das HIIG beschäftigt sich mit spannenden Themen. Erfahren Sie mehr über unsere interdisziplinäre Pionierarbeit im öffentlichen Diskurs.