UDP Traffic Fingerprinting Attack

Will add to:


All UDP traffic can be fingerprinted and linked to the same kernel/machine for its runtime duration. The key is reset on restart.

This does not apply to TCP traffic and therefore stuff over Tor.

The net namespace of the kernel context is included in the hash calculation that is used for the IP ID field of UDP packets. Since 4.1 CONFIG_NET_NS. Works in the wild. Applies to Android.

Mitigations need changes to the kernel code itself. Yet

“From IP ID to Device ID and KASLR Bypass (Extended Version)”


Link to the paper: https://www.usenix.org/system/files/sec19-klein.pdf

It seems to be fixed now by randomizing the IDs kernel/git/torvalds/linux.git - Linux kernel source tree

Edit: the fix seems to have been backported to Debian kernels already [SECURITY] [DLA 1862-1] linux security update


Great saves me a lot of work and now I need to update my VMs
