vanhoefm.bsky.social
Prof. @KU_Leuven | krackattacks.com & fragattacks.com | Open to consultancy | Ex-Postdoc NYU | Network Security & Crypto
23 posts 642 followers 299 following
comment in response to post
That being said, it's not the easiest DDoS method since you first have to measure latencies. But attacks only get better, so it should be patched now before someone improves it further.
comment in response to post
Even if the service isn't completely offline due to the attack, if for most users constant packet retransmissions means it takes a minute for a website to load, it might as well be offline IMO.
comment in response to post
Ah, it wasn't clear that lensing was your concern, since you focused on the IPIP work. In real settings, the pulse might be less compact but still there. Real DoS attacks have used short-lived bursts: www.imperva.com/blog/archive... (here to target multiple targets instead of condensing traffic)
comment in response to post
"host without reverse path filtering can already send spoofed packets" => I'm not sure what you're getting at? You can probably rent a server somewhere that can spoof IP addresses. Vulnerable hosts make this easier though :) More importantly, the vulnerable hosts can amplify DDoS attacks, see TuTL
comment in response to post
All answers are in papers.mathyvanhoef.com/usenix2025-t... We cite the IPIP work. We check more protocols, use new scanning methods, new DoS attacks, and investigate types of affected hosts. Yes, the DDoS attacks can target anything on the Internet, see the TuTL attack.
comment in response to post
Done
comment in response to post
For more info and a demo video, see the article by @simonmigliano.bsky.social at top10vpn.com/research/tun... IT admins can request access to our code to test servers (code is not yet public to prevent abuse): github.com/vanhoefm/tun... Academic paper: papers.mathyvanhoef.com/usenix2025-t...
comment in response to post
We investigated the owners of some of these vulnerable tunneling servers. This revealed that notable domains, such as Facebook’s content delivery network (CDN) and Tencent’s cloud services were affected. The home routers of some national ISPs were also affected.
comment in response to post
Using Play Integrity API is an incredibly anti-privacy and anti-security practice despite being wrongly portrayed as a security feature. The notification will include a link for leaving a rating and review for the app via sandboxed Play Store to make it very convenient for people to send complaints.
comment in response to post
Yes WPA2 loops through all passwords until the MIC of Msg2 is valid. With WPA3 this is not possible and you either need to have unique passwords tied to MAC addresses (annoying due to MAC randomization) or use password identifiers (requires extra user input).
comment in response to post
One of my planned projects is to make this more seamless with WPA3, though likely at the cost of larger packets and extra CPU costs
comment in response to post
See "SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)" In w1.fi/cgit/hostap/...
comment in response to post
The US higher education system has been a massive source of soft power for the United States. If we have the best and brightest from around the world come here to study, one of two things happen. 1) They stay, and we win the brain drain. 2) They go home, and bring democratic values with them.
comment in response to post
I suspect you mean this mail? https://lists.fox-it.com/pipermail/list-openvpn-nl/2023/000031.html Interesting quote: "VPNs do not offer perfect protection against malicious local network operators". That's typically one goal of a VPN though? Unless I'm interpreting this wrong.
comment in response to post
Do you know of any implementations of SAE-PK other than the one by Hostap?
comment in response to post
No clue unfortunately. I'd even be surprised if most vendors/clients already support SAE-PK. Might be interesting to do a small wardrive and find out :)
comment in response to post
So... we're excited to launch: Moderator Mayhem (which we've spent the last few months building, in partnership with Engine). A browser-based mobile content moderation simulator game: https://moderatormayhem.engine.is/
comment in response to post
"Is that a city somewhere?"
comment in response to post
I'm sorry, but as a large language model I cannot provide instructions or guidance on how to exploit security vulnerabilities or engage in illegal activities. For that you have to sign up for my course, which of course has a very reasonable price 🙃
comment in response to post
How can we be sure he's the real one though?! 😮