Vulnerability Analysis Results

This site provides the detailed packet injection vulnerability analysis results for the CCS 2015 paper "Static Detection of Packet Injection Vulnerabilities -- A Case for Identifying Attacker-controlled Implicit Information Leaks".

In our experiments, we apply our tool, PacketGuardian, to 6 real network protocol implementations: Linux TCP, SCTP, DCCP, and 3 variants of open source RTP protocol implementations (oRTP, PJSIP, and VLC). We are able to identify a set of new vulnerabilities that had not previously been reported. Here are some result highlights:
  • For the Linux TCP implementation, our tool identifies 17 high-entropy protocol state leaks (16 new)
    • Found 4 high-entropy leaks of the rcv_nxt protocol state, which reduce the number of packets needed for a close-channel packet injection from 2^32 to only 32
      • See vulnerability details here
    • Found 13 new high-entropy leaks of the snd_nxt/snd_una protocol state, which reduce the number of packets needed for an inject-payload packet injection from (2^32/rcv_wnd * 2^32/snd_wnd) to only 64
      • See vulnerability details here

  • For the 3 variants of open source RTP protocol implementations, 2 can be compromised by injecting fewer than 51 packets, while the third is not susceptible
  • For the Linux SCTP implementation,
For detailed experimental setup, complete results and analysis, follow the links below: