The attack works by sniffing an HTTP request, after which the attacker spoofs a crafted HTTP response.
Looks like the attacker needs physical access.
Performing a Quantum Insert attack requires that the attacker can monitor the traffic and has very fast infrastructure to win the race condition.
Again, NSA and co. seem to have these abilities. How can you defend yourself? Look for duplicated packets coming from a legitimate request. Remember, in order for the impersonation to be of value, the attacker must return a spoofed packet faster than the legitimate back-end can.
What will we see next from intelligence agencies in the future? How can we defend infrastructures from these kinds of TTL races? Is there an easy fix?
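The duplicate-packet check described above can be sketched as follows. This is an added example, not code from the original source. It assumes that a spoofed response reuses the TCP sequence number of the legitimate one but carries different bytes, that segments have already been parsed out of a capture into records (the `Seg` type and all sample values are constructed here), and that sequence-number wraparound can be ignored.

```python
from collections import namedtuple

# One observed TCP segment; the field names are this example's own.
Seg = namedtuple("Seg", "src sport dst dport seq ttl payload")

def find_conflicting_segments(segments):
    """Flag segments whose bytes disagree with an earlier segment that
    covers the same sequence range of the same flow."""
    seen, findings = {}, []
    for seg in segments:
        if not seg.payload:
            continue  # bare ACKs carry no data to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        first = None
        for old in seen.setdefault(flow, []):
            lo = max(seg.seq, old.seq)
            hi = min(seg.seq + len(seg.payload), old.seq + len(old.payload))
            if lo < hi and (seg.payload[lo - seg.seq:hi - seg.seq]
                            != old.payload[lo - old.seq:hi - old.seq]):
                first = old
                break
        if first is None:
            seen[flow].append(seg)  # new data or an identical retransmission
        else:
            # A TTL mismatch is recorded only as a supporting hint.
            findings.append({"flow": flow, "seq": seg.seq,
                             "ttl_first": first.ttl, "ttl_second": seg.ttl,
                             "ttl_differs": first.ttl != seg.ttl})
    return findings

# Constructed sample traffic using documentation addresses, not a real capture.
SERVER, CLIENT = ("203.0.113.10", 80), ("192.0.2.5", 51000)
SAMPLE = [
    # Two different responses claiming the same sequence number.
    Seg(*SERVER, *CLIENT, 1000, 58,
        b"HTTP/1.1 302 Found\r\nLocation: http://redirect.invalid/\r\n\r\n"),
    Seg(*SERVER, *CLIENT, 1000, 49,
        b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Seg(*SERVER, *CLIENT, 1044, 49, b""),  # bare ACK, skipped
    # Ordinary retransmission on another flow: same bytes, so not flagged.
    Seg("198.51.100.7", 80, "192.0.2.5", 51001, 5000, 52, b"same bytes"),
    Seg("198.51.100.7", 80, "192.0.2.5", 51001, 5000, 52, b"same bytes"),
]

if __name__ == "__main__":
    for finding in find_conflicting_segments(SAMPLE):
        print(finding)
```

Identical retransmissions are normal TCP behaviour, which is why the check compares payload bytes instead of alerting on every repeated sequence number.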