Dailydave mailing list archives
TCP Resource Exhaustion DoS Attack Speculation
From: Fyodor <fyodor () insecure org>
Date: Thu, 2 Oct 2008 03:56:58 -0700
Yesterday we saw many news reports of a "new" denial of service vulnerability in TCP. As seems to be getting more common, the researchers (Robert Lee and Jack Louis) declined to provide details until their presentation in Finland on the 17th. It is Kaminsky deja vu! While I don't favor this approach (or the media circus which always ensues), I don't presume to tell researchers how they should disclose vulnerabilities. But I also don't need to keep quiet until their talk if I figure out or independently discover an issue.

There was lots of speculation on DailyDave about the DNS flaws, and I think I've figured out this "new" vulnerability. The vague description and symptoms match those for a DoS tool (Ndos) I wrote and used years ago. I just posted a detailed description of the problem and its implications here:

http://insecure.org/stf/tcp-dos-attack-explained.html

I hope Robert and Jack aren't mad at me, since I do respect them and their work. But they claim on their podcast that their goal is to get people thinking about the problem and solutions. For that to happen, you sort of have to describe the problem :). And if it is really such an important issue, why wait until October 17?

Cheers,
Fyodor