After more than 40 years of development, the fundamental TCP/IP protocol suite, which serves as the backbone of the Internet, is widely recognized as having achieved a high level of robustness and security. We take a new perspective and investigate the security implications of cross-layer interactions within the TCP/IP protocol suite caused by ICMP error messages. Through a comprehensive analysis of interactions among Wi-Fi, IP, ICMP, UDP, and TCP due to ICMP errors, we uncover several significant vulnerabilities, including information leakage, desynchronization, semantic gaps, and identity spoofing. These vulnerabilities can be exploited by off-path attackers to manipulate network traffic stealthily, affecting over 20% of popular websites and more than 89% of public Wi-Fi networks, thus posing risks to the Internet. By responsibly disclosing these vulnerabilities to affected vendors and proposing effective countermeasures, we enhance the robustness of the TCP/IP protocol suite, receiving acknowledgments from well-known organizations such as the Linux community, the OpenWrt community, the FreeBSD community, Wi-Fi Alliance, Qualcomm, HUAWEI, China Telecom, Alibaba, and H3C.