Ïðîñìîòð ïîëíîé âåðñèè : Explaining the “New” TCP Resource Exhaustion Denial of Service (DoS) Attack by Fyodor

12.10.2008, 16:03

Robert Lee and Jack Louis recently went public claiming to have discovered a new and devastating denial of service (DoS) vulnerability in the core TCP/IP protocol stack used for almost all Internet communication. They refuse to release details before their talk at the T2 security conference in Finland on October 17. Yet they have given many alarming interviews, and the press is having a field day spreading fear and uncertainty. Articles have appeared on The Register (“DoS attack reveals (yet another) crack in net's core”), Slashdot (“New Denial-of-Service Attack is a Killer”), Search Security (“TCP is fundamentally borked”), and many more publications. In the Register article, Robert Lee says “We haven't found anybody who has a TCP stack that runs TCP based services that isn't vulnerable” and that a target machine “basically self thrashes, and the only recovery after about two to four minutes worth of attack flow, even after the attack stops, is to reboot the machine”. The SearchSecurity article ends with this chilling paragraph:

“The best advice I have right now is don't allow anonymous connections. Make whitelist so only certain IP addresses can come in,” Lee said, acknowledging the impracticality of that for a Web server or mail server or virtually any other TCP-enabled device. “There's no real workaround right now.”

They gave a PodCast interview with an even gloomier prognosis for the Internet: http://insecure.org/stf/tcp-dos-attack-explained.html