{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:30:35Z","timestamp":1766068235274,"version":"3.46.0"},"reference-count":73,"publisher":"Association for Computing Machinery (ACM)","issue":"6","funder":[{"name":"ASU Biodesign Institute, and the National Science Foundation","award":["CCF-2312537"],"award-info":[{"award-number":["CCF-2312537"]}]},{"DOI":"10.13039\/100000185","name":"DARPA","doi-asserted-by":"crossref","award":["N6600120C4020"],"award-info":[{"award-number":["N6600120C4020"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Science Foundation","award":["CNS-2141547"],"award-info":[{"award-number":["CNS-2141547"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2026,4,30]]},"abstract":"\n The battle for a more secure Internet is waged on many fronts, including the most basic of networking protocols. Our focus is the\n IPv4 Identifier<\/jats:italic>\n (IPID), an IPv4 header field as old as the Internet with an equally long history as an exploited side channel for scanning network properties, inferring off-path connections, and poisoning DNS caches. This article taxonomizes the 25-year history of IPID-based exploits and the corresponding changes to IPID selection methods. By mathematically analyzing these methods\u2019 correctness and security and empirically evaluating their performance, we reveal recommendations for best practice as well as shortcomings of current operating system implementations, emphasizing the value of systematic evaluations in network security.\n <\/jats:p>","DOI":"10.1145\/3776582","type":"journal-article","created":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T11:30:42Z","timestamp":1763033442000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["A Taxonomy and Comparative Analysis of IPv4 Identifier Selection Correctness, Security, and Performance"],"prefix":"10.1145","volume":"58","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7294-5626","authenticated-orcid":false,"given":"Joshua J.","family":"Daymude","sequence":"first","affiliation":[{"name":"School of Computing and Augmented Intelligence and Biodesign Center for Biocomputing, Security and Society, Arizona State University","place":["Tempe, United States"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3175-2029","authenticated-orcid":false,"given":"Antonio M.","family":"Espinoza","sequence":"additional","affiliation":[{"name":"College of Science, Technology, Engineering, and Mathematics, Eastern Washington University","place":["Spokane, United States"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-3570-5120","authenticated-orcid":false,"given":"Holly","family":"Bergen","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence and Biodesign Center for Biocomputing, Security and Society, Arizona State University","place":["Tempe, United States"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4670-4578","authenticated-orcid":false,"given":"Benjamin","family":"Mixon-Baca","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence and Biodesign Center for Biocomputing, Security and Society, Arizona State University","place":["Tempe, United States"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-6239-9725","authenticated-orcid":false,"given":"Jeffrey","family":"Knockel","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Bowdoin College","place":["Brunswick, United States"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7864-2992","authenticated-orcid":false,"given":"Jedidiah R.","family":"Crandall","sequence":"additional","affiliation":[{"name":"School of Computing and Augmented Intelligence and Biodesign Center for Biocomputing, Security and Society, Arizona State University","place":["Tempe, United States"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,12,9]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0071"},{"key":"e_1_3_3_3_2","article-title":"New TCP Scan Method","year":"1998","unstructured":"antirez. 1998. New TCP Scan Method. Bugtraq Mailing List. Retrieved November 20, 2025 from https:\/\/seclists.org\/bugtraq\/1998\/Dec\/79","journal-title":"Bugtraq Mailing List"},{"key":"e_1_3_3_4_2","volume-title":"BIND Vulnerabilities and Solutions","author":"Arce Ivan","year":"1997","unstructured":"Ivan Arce and Emiliano Kargieman. 1997. BIND Vulnerabilities and Solutions. Security Advisory. Secure Networks Inc. and CORE Seguridad de la Informacion. Retrieved November 20, 2025 from https:\/\/marc.info\/?l=best-of-security&m=96843707620680"},{"key":"e_1_3_3_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/LCOMM.2007.061619"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/378444.378449"},{"key":"e_1_3_3_7_2","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1145\/637201.637243","volume-title":"Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment","author":"Bellovin Steven M.","year":"2002","unstructured":"Steven M. Bellovin. 2002. A technique for counting NATted hosts. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment. ACM, 267\u2013272. DOI:10.1145\/637201.637243"},{"key":"e_1_3_3_8_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1007\/978-3-642-36516-4_16","volume-title":"Proceedings of the Passive and Active Measurement.","author":"Beverly Robert","year":"2013","unstructured":"Robert Beverly, William Brinkmeyer, Matthew Luckie, and Justin P. Rohrer. 2013. IPv6 alias resolution via induced fragmentation. In Proceedings of the Passive and Active Measurement.Lecture Notes in Computer Science, Vol. 7799. Springer, 155\u2013165. DOI:10.1007\/978-3-642-36516-4_16"},{"key":"e_1_3_3_9_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/978-3-319-15509-8_10","volume-title":"Proceedings of the Passive and Active Measurement.","volume":"8995","author":"Beverly Robert","year":"2015","unstructured":"Robert Beverly, Matthew Luckie, Lorenza Mosley, and K. C. Claffy. 2015. Measuring and characterizing IPv6 router availability. In Proceedings of the Passive and Active Measurement.Lecture Notes in Computer Science, Vol. 8995,Springer, 123\u2013135. DOI:10.1007\/978-3-319-15509-8_10"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.2307\/2584168"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1122"},{"key":"e_1_3_3_12_2","first-page":"2060","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","author":"Brandt Markus","year":"2018","unstructured":"Markus Brandt, Tianxiang Dai, Amit Klein, Haya Shulman, and Michael Waidner. 2018. Domain validation++ For MitM-resilient PKI. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2060\u20132076. DOI:10.1145\/3243734.3243790"},{"key":"e_1_3_3_13_2","unstructured":"CAIDA. 2019. The CAIDA UCSD Anonymized Internet Traces - 2019. Retrieved November 20 2025 from https:\/\/www.caida.org\/catalog\/datasets\/passive_dataset\/"},{"key":"e_1_3_3_14_2","series-title":"Lecture Notes in Statistics","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1007\/978-0-387-21579-2_6","volume-title":"Proceedings of the Nonlinear Estimation and Classification","volume":"171","author":"Cao Jin","year":"2003","unstructured":"Jin Cao, William S. Cleveland, Dong Lin, and Don X. Sun. 2003. Internet traffic tends toward poisson and independent as the load increases. In Proceedings of the Nonlinear Estimation and Classification. David D. Denison, Mark H. Hansen, Christopher C. Holmes, Bani Mallick, and Bin Yu (Eds.), Lecture Notes in Statistics, Vol. 171, Springer, New York, NY, USA, 83\u2013109. DOI:10.1007\/978-0-387-21579-2_6"},{"key":"e_1_3_3_15_2","first-page":"209","volume-title":"Proceedings of the 25th USENIX Security Symposium","author":"Cao Yue","year":"2016","unstructured":"Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel. 2016. Off-path TCP exploits: Global rate limit considered dangerous. In Proceedings of the 25th USENIX Security Symposium. USENIX Association, 209\u2013225."},{"key":"e_1_3_3_16_2","first-page":"1742","volume-title":"Proceedings of the IEEE INFOCOM 2000 - IEEE Conference on Computer Communications","author":"Cardwell Neal","year":"2000","unstructured":"Neal Cardwell, Stefan Savage, and Thomas Anderson. 2000. Modeling TCP latency. In Proceedings of the IEEE INFOCOM 2000 - IEEE Conference on Computer Communications. IEEE, 1742\u20131751. DOI:10.1109\/INFCOM.2000.832574"},{"key":"e_1_3_3_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/91.873574"},{"key":"e_1_3_3_18_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1007\/978-3-540-31966-5_9","volume-title":"Proceedings of the Passive and Active Network Measurement.","volume":"3431","author":"Chen Weifeng","year":"2005","unstructured":"Weifeng Chen, Yong Huang, Bruno F. Ribeiro, Kyoungwon Suh, Honggang Zhang, Edmundo de Souza e Silva, Jim Kurose, and Don Towsley. 2005. Exploiting the IPID field to infer network path and end-system characteristics. In Proceedings of the Passive and Active Network Measurement.Lecture Notes in Computer Science, Vol. 3431,Springer, 108\u2013120. DOI:10.1007\/978-3-540-31966-5_9"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/505733.505737"},{"key":"e_1_3_3_20_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8200"},{"key":"e_1_3_3_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609966"},{"key":"e_1_3_3_22_2","volume-title":"Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks","author":"Ensafi Roya","year":"2014","unstructured":"Roya Ensafi. 2014. Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks. Ph. D. Dissertation. University of New Mexico, Albequerque, NM, USA."},{"key":"e_1_3_3_23_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1007\/978-3-319-04918-2_11","volume-title":"Proceedings of the Passive and Active Measurement.","volume":"8362","author":"Ensafi Roya","year":"2014","unstructured":"Roya Ensafi, Jeffrey Knockel, Geoffrey Alexander, and Jedidiah R. Crandall. 2014. Detecting intentional packet drops on the internet via TCP\/IP side channels. In Proceedings of the Passive and Active Measurement.Lecture Notes in Computer Science, Vol. 8362,Springer, 109\u2013118. DOI:10.1007\/978-3-319-04918-2_11"},{"key":"e_1_3_3_24_2","first-page":"1","volume-title":"Proceedings of the 19th USENIX Security Symposium","author":"Ensafi Roya","year":"2010","unstructured":"Roya Ensafi, Jong Chun Park, Deepak Kapur, and Jedidiah R. Crandall. 2010. Idle port scanning and non-interference analysis of network protocol stacks using model checking. In Proceedings of the 19th USENIX Security Symposium. USENIX Association, 1\u201316."},{"key":"e_1_3_3_25_2","first-page":"61","volume-title":"Proceedings on Privacy Enhancing Technologies","author":"Ensafi Roya","year":"2015","unstructured":"Roya Ensafi, Philipp Winter, Abdullah Mueen, and Jedidiah R. Crandall. 2015. Analyzing the great firewall of china over space and time. In Proceedings on Privacy Enhancing Technologies 2025, 1 (2015), 61\u201376. DOI:10.1515\/popets-2015-0005"},{"key":"e_1_3_3_26_2","doi-asserted-by":"crossref","first-page":"1323","DOI":"10.1145\/3372297.3417884","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Feng Xuewei","year":"2020","unstructured":"Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. 2020. Off-path TCP exploits of the mixed IPID assignment. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1323\u20131335. DOI:10.1145\/3372297.3417884"},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2021.3115517"},{"key":"e_1_3_3_28_2","first-page":"1","volume-title":"Proceedings of the 2022 Network and Distributed System Security Symposium","author":"Feng Xuewei","year":"2022","unstructured":"Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. 2022. PMTUD is not panacea: Revisiting IP fragmentation attacks against TCP. In Proceedings of the 2022 Network and Distributed System Security Symposium. Internet Society, 1\u201318. DOI:10.14722\/ndss.2022.24381"},{"key":"e_1_3_3_29_2","first-page":"1","volume-title":"Proceedings of the 5th USENIX Workshop on Offensive Technologies","author":"Gilad Yossi","year":"2011","unstructured":"Yossi Gilad and Amir Herzberg. 2011. Fragmentation considered vulnerable: Blindly intercepting and discarding fragments. In Proceedings of the 5th USENIX Workshop on Offensive Technologies. USENIX Association, 1\u201310."},{"key":"e_1_3_3_30_2","first-page":"1","volume-title":"Proceedings of the 6th USENIX Workshop on Offensive Technologies","author":"Gilad Yossi","year":"2012","unstructured":"Yossi Gilad and Amir Herzberg. 2012. Off-path attacking the web. In Proceedings of the 6th USENIX Workshop on Offensive Technologies. USENIX Association, 1\u201312."},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2445566.2445568"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/2597173"},{"key":"e_1_3_3_33_2","first-page":"1","volume-title":"Proceedings of the 2006 IEEE Symposium on Security and Privacy","author":"Gutterman Zvi","year":"2006","unstructured":"Zvi Gutterman, Benny Pinkas, and Tzachy Reinman. 2006. Analysis of the linux random number generator. In Proceedings of the 2006 IEEE Symposium on Security and Privacy. IEEE, 1\u201315. DOI:10.1109\/SP.2006.5"},{"key":"e_1_3_3_34_2","first-page":"1","volume-title":"Proceedings of the 10th USENIX Security Symposium. USENIX Association","author":"Handley Mark","year":"2001","unstructured":"Mark Handley, Vern Paxson, and Christian Kreibich. 2001. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In Proceedings of the 10th USENIX Security Symposium. USENIX Association, 1\u201317."},{"key":"e_1_3_3_35_2","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1109\/CNS.2013.6682711","volume-title":"Proceedings of the 2013 IEEE Conference on Communications and Network Security","author":"Herzberg Amir","year":"2013","unstructured":"Amir Herzberg and Haya Shulman. 2013. Fragmentation considered poisonous, or: One-domain-to-rule-them-all.org. In Proceedings of the 2013 IEEE Conference on Communications and Network Security. IEEE, 224\u2013232. DOI:10.1109\/CNS.2013.6682711"},{"key":"e_1_3_3_36_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1007\/978-3-642-40203-6_13","volume-title":"Proceedings of the Computer Security \u2013 ESORICS 2013.","volume":"8134","author":"Herzberg Amir","year":"2013","unstructured":"Amir Herzberg and Haya Shulman. 2013. Vulnerable delegation of DNS resolution. In Proceedings of the Computer Security \u2013 ESORICS 2013.Lecture Notes in Computer Science, Vol. 8134,Springer, 219\u2013236. DOI:10.1007\/978-3-642-40203-6_13"},{"key":"e_1_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.1093\/biomet\/68.1.165"},{"key":"e_1_3_3_38_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1007\/978-3-031-85960-1_2","volume-title":"Proceedings of the Passive and Active Measurement.","volume":"15567","author":"Huang Fengyuan","year":"2025","unstructured":"Fengyuan Huang, Yifan Yang, Zhenzhong Yang, Bingnan Hou, Yingwen Chen, and Zhiping Cai. 2025. A closer look at IPv6 IP-ID behavior in the wild. In Proceedings of the Passive and Active Measurement.Lecture Notes in Computer Science, Vol. 15567,Springer, 30\u201343. DOI:10.1007\/978-3-031-85960-1_2"},{"key":"e_1_3_3_39_2","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1145\/3569951.3597573","volume-title":"Proceedings of the Practice and Experience in Advanced Research Computing","author":"Jennewein Douglas M.","year":"2023","unstructured":"Douglas M. Jennewein, Johnathan Lee, Chris Kurtz, William Dizon, Ian Shaeffer, Alan Chapman, Alejandro Chiquete, Josh Burks, Amber Carlson, Natalie Mason, et\u00a0al. 2023. The Sol supercomputer at arizona state university. In Proceedings of the Practice and Experience in Advanced Research Computing. ACM, Portland, OR, USA, 296\u2013301. DOI:10.1145\/3569951.3597573"},{"key":"e_1_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2004.46"},{"key":"e_1_3_3_41_2","first-page":"1558","volume-title":"Proceedings of the IEEE INFOCOM 2004 - IEEE Conference on Computer Communications","author":"Karagiannis Thomas","year":"2004","unstructured":"Thomas Karagiannis, Mart Molle, Michalis Faloutsos, and Andre Broido. 2004. A nonstationary poisson view of internet traffic. In Proceedings of the IEEE INFOCOM 2004 - IEEE Conference on Computer Communications. IEEE, 1558\u20131569. DOI:10.1109\/INFCOM.2004.1354569"},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/55483.55524"},{"key":"e_1_3_3_43_2","first-page":"1","volume-title":"OpenBSD DNS Cache Poisoning and Multiple O\/S Predictable IP ID Vulnerability","author":"Klein Amit","year":"2007","unstructured":"Amit Klein. 2007. OpenBSD DNS Cache Poisoning and Multiple O\/S Predictable IP ID Vulnerability. Technical Report. Trusteer. 1\u201348 pages."},{"key":"e_1_3_3_44_2","doi-asserted-by":"crossref","first-page":"1179","DOI":"10.1109\/SP40001.2021.00054","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy","author":"Klein Amit","year":"2021","unstructured":"Amit Klein. 2021. Cross layer attacks and how to use them (for DNS cache poisoning, device tracking and more). In Proceedings of the 2021 IEEE Symposium on Security and Privacy. IEEE, 1179\u20131196. DOI:10.1109\/SP40001.2021.00054"},{"key":"e_1_3_3_45_2","first-page":"1","volume-title":"Proceedings of the 2022 Network and Distributed System Security Symposium","author":"Klein Amit","year":"2022","unstructured":"Amit Klein. 2022. Subverting stateful firewalls with protocol states. In Proceedings of the 2022 Network and Distributed System Security Symposium. Internet Society, 1\u201318. DOI:10.14722\/ndss.2022.23037"},{"key":"e_1_3_3_46_2","unstructured":"Amit Klein. 2024. Private Communication."},{"key":"e_1_3_3_47_2","first-page":"1063","volume-title":"Proceedings of the 28th USENIX Security Symposium","author":"Klein Amit","year":"2019","unstructured":"Amit Klein and Benny Pinkas. 2019. From IP ID to device ID and KASLR bypass. In Proceedings of the 28th USENIX Security Symposium. USENIX Association, 1063\u20131080."},{"key":"e_1_3_3_48_2","first-page":"1","volume-title":"Proceedings of the 4th USENIX Workshop on Free and Open Communications on the Internet","author":"Knockel Jeffrey","year":"2014","unstructured":"Jeffrey Knockel and Jedidiah R. Crandall. 2014. Counting packets sent between arbitrary internet hosts. In Proceedings of the 4th USENIX Workshop on Free and Open Communications on the Internet. USENIX Association, 1\u20138."},{"key":"e_1_3_3_49_2","volume-title":"The Art of Computer Programming. Vol. 2, Seminumerical Algorithms","author":"Knuth Donald E.","year":"1969","unstructured":"Donald E. Knuth. 1969. The Art of Computer Programming. Vol. 2, Seminumerical Algorithms. Vol. 2. Addison-Wesley, Reading, MA, USA."},{"key":"e_1_3_3_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/362375.362389"},{"key":"e_1_3_3_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/205447.205464"},{"issue":"64","key":"e_1_3_3_52_2","first-page":"13","article-title":"Remote blind TCP\/IP spoofing","year":"2007","unstructured":"lkm. 2007. Remote blind TCP\/IP spoofing. Phrack Magazine64 (2007), 13. Retrieved from http:\/\/phrack.org\/issues\/64\/13.html#article","journal-title":"Phrack Magazine"},{"key":"e_1_3_3_53_2","volume-title":"Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning","author":"Lyon Gordon \u201cFyodor\u201d","year":"2009","unstructured":"Gordon \u201cFyodor\u201d Lyon. 2009. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Nmap Project, Sunnyvale, CA."},{"key":"e_1_3_3_54_2","first-page":"1","volume-title":"Proceedings of the 2016 Network and Distributed System Security Symposium","author":"Malhotra Aanchal","year":"2016","unstructured":"Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg. 2016. Attacking the network time protocol. In Proceedings of the 2016 Network and Distributed System Security Symposium. Internet Society, 1\u201315. DOI:10.14722\/ndss.2016.23090"},{"key":"e_1_3_3_55_2","unstructured":"Bill Marczak Nicholas Weaver Jakub Dalek Roya Ensafi David Fifield Sarah McKune Arn Rey John Scott-Raliton Ron Deibert and Vern Paxson. 2015. An analysis of china\u2019s \u201cGreat Cannon\u201d. In Retrieved from 5th USENIX Workshop on Free and Open Communications on the Internet. USENIX Association 1\u201311."},{"key":"e_1_3_3_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/263932.264023"},{"key":"e_1_3_3_57_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1007\/978-3-642-11207-2_16","volume-title":"Proceedings of the Data Privacy Management and Autonomous Spontaneous Security.","volume":"5939","author":"Medeiros Jo\u00e3o Paulo S.","year":"2010","unstructured":"Jo\u00e3o Paulo S. Medeiros, Agostinho M. Brito, and Paulo S. Motta Pires. 2010. An effective TCP\/IP fingerprinting technique based on strange attractors classification. In Proceedings of the Data Privacy Management and Autonomous Spontaneous Security.Lecture Notes in Computer Science, Vol. 5939,Springer, 208\u2013221. DOI:10.1007\/978-3-642-11207-2_16"},{"key":"e_1_3_3_58_2","first-page":"1265","volume-title":"Proceedings of the 2012 IEEE International Conference on Communications","author":"Mongkolluksamee Sophon","year":"2012","unstructured":"Sophon Mongkolluksamee, Kensuke Fukuda, and Panita Pongpaibool. 2012. Counting NATted hosts by observing TCP\/IP field behaviors. In Proceedings of the 2012 IEEE International Conference on Communications. IEEE, 1265\u20131270. DOI:10.1109\/ICC.2012.6364596"},{"key":"e_1_3_3_59_2","volume-title":"TCP Idle Scans in IPv6","author":"Morbitzer Mathias","year":"2013","unstructured":"Mathias Morbitzer. 2013. TCP Idle Scans in IPv6. Master\u2019s thesis. Radboud University Nijmegen, Nijmegen, Netherlands."},{"key":"e_1_3_3_60_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/978-3-030-00434-7_4","volume-title":"Proceedings of the Cryptology and Network Security.","volume":"11124","author":"Orevi Liran","year":"2018","unstructured":"Liran Orevi, Amir Herzberg, and Haim Zlatokrilov. 2018. DNS-DNS: DNS-based De-NAT scheme. In Proceedings of the Cryptology and Network Security.Lecture Notes in Computer Science, Vol. 11124,Springer, 69\u201388. DOI:10.1007\/978-3-030-00434-7_4"},{"key":"e_1_3_3_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/285243.285291"},{"key":"e_1_3_3_62_2","article-title":"\u201dFirst-Try\u201d DNS Cache Poisoning with IPv4 and IPv6 Fragmentation","author":"Palmer Travis","year":"2019","unstructured":"Travis Palmer and Brian Somers. 2019. \u201dFirst-Try\u201d DNS Cache Poisoning with IPv4 and IPv6 Fragmentation. DEF CON 27. Retrieved November 20, 2025 from https:\/\/media.defcon.org\/DEF%20CON%2027\/DEF%20CON%2027%20presentations\/DEFCON-27-Travis-Palmer-First-try-DNS-Cache-Poisoning-with-IPv4-and-IPv6-Fragmentation.pdf","journal-title":"DEF CON 27"},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/90.392383"},{"key":"e_1_3_3_64_2","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1109\/SP.2017.55","volume-title":"Proceedings of the 2017 IEEE Symposium on Security and Privacy","author":"Pearce Paul","year":"2017","unstructured":"Paul Pearce, Roya Ensafi, Frank Li, Nick Feamster, and Vern Paxson. 2017. Augur: Internet-wide detection of connectivity disruptions. In Proceedings of the 2017 IEEE Symposium on Security and Privacy. IEEE, 427\u2013443. DOI:10.1109\/SP.2017.55"},{"key":"e_1_3_3_65_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC0791"},{"key":"e_1_3_3_66_2","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1109\/SP.2012.29","volume-title":"Proceedings of the 2012 IEEE Symposium on Security and Privacy","author":"Qian Zhiyun","year":"2012","unstructured":"Zhiyun Qian and Z. Morley Mao. 2012. Off-path TCP sequence number inference attack - How firewall middleboxes reduce security. In Proceedings of the 2012 IEEE Symposium on Security and Privacy. IEEE, 347\u2013361. DOI:10.1109\/SP.2012.29"},{"key":"e_1_3_3_67_2","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1109\/SP.2010.42","volume-title":"Proceedings of the 2010 IEEE Symposium on Security and Privacy","author":"Qian Zhiyun","year":"2010","unstructured":"Zhiyun Qian, Z. Morley Mao, Yinglian Xie, and Fang Yu. 2010. Investigation of triangular spamming: A stealthy and efficient spamming technique. In Proceedings of the 2010 IEEE Symposium on Security and Privacy. IEEE, 207\u2013222. DOI:10.1109\/SP.2010.42"},{"key":"e_1_3_3_68_2","volume-title":"Addressing Weaknesses in the Domain Name System Protocol","author":"Schuba Christoph","year":"1993","unstructured":"Christoph Schuba. 1993. Addressing Weaknesses in the Domain Name System Protocol. Master\u2019s thesis. Purdue University, West Lafayette, IN, USA."},{"key":"e_1_3_3_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2002.805028"},{"key":"e_1_3_3_70_2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2663"},{"key":"e_1_3_3_71_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6864"},{"key":"e_1_3_3_72_2","first-page":"2069","volume-title":"Proceedings of the IEEE INFOCOM 2018 - IEEE Conference on Computer Communications","author":"Zhang Xu","year":"2018","unstructured":"Xu Zhang, Jeffrey Knockel, and Jedidiah R. Crandall. 2018. ONIS: Inferring TCP\/IP-based trust relationships completely off-path. In Proceedings of the IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. IEEE, 2069\u20132077. DOI:10.1109\/INFOCOM.2018.8486426"},{"key":"e_1_3_3_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2231861"},{"key":"e_1_3_3_74_2","first-page":"577","volume-title":"Proceedings of the 29th USENIX Security Symposium","author":"Zheng Xiaofeng","year":"2020","unstructured":"Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, and Zhiyun Qian. 2020. Poison over troubled forwarders: A cache poisoning attack targeting DNS forwarding devices. In Proceedings of the 29th USENIX Security Symposium. USENIX Association, 577\u2013593."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3776582","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,9]],"date-time":"2025-12-09T15:19:25Z","timestamp":1765293565000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3776582"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,9]]},"references-count":73,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2026,4,30]]}},"alternative-id":["10.1145\/3776582"],"URL":"https:\/\/doi.org\/10.1145\/3776582","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"type":"print","value":"0360-0300"},{"type":"electronic","value":"1557-7341"}],"subject":[],"published":{"date-parts":[[2025,12,9]]},"assertion":[{"value":"2024-06-10","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-11-07","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}