Papers - jhu-information-security-institute/NwSec GitHub Wiki

Please see our Canvas page for the course to download papers mentioned below.

Motivations and Background

  • 1985, Morris, A Weakness in the 4.2BSD Unix TCP/IP Software
  • 1988, Spafford, The Internet Worm Program: An Analysis, Technical Report CSD-TR-823, Purdue University
  • 1989, Bellovin and Hill, Security Problems in the TCP/IP Protocol Suite, ACM SIGCOMM Computer Communication Review, Vol. 19, No. 2, pp. 32-48
  • 1993, Schuba, ADDRESSING WEAKNESSES IN THE DOMAIN NAME SYSTEM PROTOCOL, Purdue University
  • 1995, Joncheray, Simple Active Attack Against TCP, Proceedings of the Fifth USENIX UNIX Security Symposium
  • 1997, Schuba et al., Analysis of a Denial of Service Attack on TCP, IEEE Symposium on Security and Privacy
  • 1997, Guha and Mukherjee, Network security via reverse engineering of TCP code: Vulnerability analysis and proposed solutions, IEEE Network, Vol. 11, No. 4, pp. 40-48
  • 1998, Ptacek and Newsham, Insertion, evasion, and denial of service: Eluding network intrusion detection, Secure Networks Inc.
  • 2001, Norris, Analysis of a Telnet Session Hijack via Spoofed MAC Addresses and Session Resynchronization, Citeseer
  • 2003, Spangler, Packet Sniffing on Layer 2 Switched Local Area Networks, Packetwatch Research
  • 2003, Stewart, DNS Cache Poisoning – The Next Generation, secureworks.com
  • 2004, Watson, SLIPPING IN THE WINDOW: TCP RESET ATTACKS, CanSecWest
  • 2004, Bellovin, A Look Back at “Security Problems in the TCP/IP Protocol Suite”, IEEE Computer Security Applications Conference
  • 2006, Gont, ICMP attacks against TCP, RFC 5927
  • 2006, Murphy, BGP Security Vulnerabilities Analysis, RFC 7272
  • 2006, Liang et al., The Index Poisoning Attack in P2P File Sharing Systems, INFOCOM
  • 2006, Naoumov and Ross, Exploiting P2P Systems for DDoS Attacks, ACM Proceedings of Scalable information systems
  • Kaminsky bug, Illustrated guide and Duo article
  • 2011, Nakibly et al., Owning the Routing Table – New OSPF Attacks, BlackHat
  • 2012, Nakibly et al., Persistent OSPF Attacks, Network and Distributed System Security (NDSS) Symposium
  • 2012, Sheldon et al., The Insecurity of Wireless Networks, IEEE Security and Privacy, Vol. 10, No. 4, pp. 54-61
  • 2013, Nakibly et al., Owning the Routing Table - Part II, BlackHat
  • 2013, Barisani and Bianco, Fully arbitrary 802.3 packet injection: Maximizing the Ethernet attack surface, BlackHat
  • 2017, Sahin et al., SoK: Fraud in Telephony Networks, IEEE European Symposium on Security and Privacy
  • 2017, Song et al., Novel Attacks in OSPF Networks to Poison Routing Table, IEEE Communication and Information Systems Security Symposium
  • 2018, Hu and Wang, Revisiting Email Spoofing Attacks, arXiv:1801.00853
  • 2021, Bruneau, DNS Sinkhole, SANS Institute
  • 2023, Zetter, The Untold Story of the Boldest Supply-Chain Hack Ever, Wired