Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers
DOI:
https://doi.org/10.14279/tuj.eceasst.80.1172
Abstract
QUIC is a new transport protocol over UDP that recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that uses either Round Robin or Hashing.
Published
2021-09-08
How to Cite
[1]
K. Thimmaraju and B. Scheuermann, “Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers”, eceasst, vol. 80, Sep. 2021.
Section
Articles
License
Copyright (c) 2021 Electronic Communications of the EASST
This work is licensed under a Creative Commons Attribution 4.0 International License.