TCP Resource Exhaustion DoS Attack Speculation

[Fyodor <fyodor () insecure org>]

Yesterday we saw many news reports of a "new" denial of service
vulnerability in TCP.  As seems to be getting more common, the
researchers (Robert Lee and Jack Louis) declined to provide details
until their presentation in Finland on the 17th.  It is Kaminksy deja
vu!

While I don't favor this approach (or the media circus which always
ensues), I don't presume to tell researchers how they should disclose
vulnerabilities.  But I also don't need to keep quiet until their talk
if I figure out or independently discover an issue.  There was lots of
speculation on DailyDave about the DNS flaws, and I think I've figured
out this "new" vulnerability.  The vague description and symptoms
match those for a DoS tool (Ndos) I wrote and used years ago.

I just posted a detailed description of the problem and its
implications here:

http://insecure.org/stf/tcp-dos-attack-explained.html

I hope Robert and Jack aren't mad at me, since I do respect them and
their work.  But they claim on their podcast that their goal is to get
people thinking about the problem and solutions.  For that to happen,
you sort of have to describe the problem :).  And if it is really such
an important issue, why wait until October 17?

Cheers,
Fyodor
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave