The Lazy Genius

Security News and Brain Dumps from an IBM Tivoli Security Consultant

«
»

Why The TCP Attack Is Likely Bad, But Not That Bad

Posted by Xavier Ashe on October 3, 2008

There’s been a bunch of new information released over the past few days about the potential big TCP denial of service flaw. The three most informative posts I’ve read are:

  1. Fyodor’s discussion of either the same, or a similar issue.
  2. Richard Bejtlich’s overview.
  3. Rob Graham’s take on the potential attack.

Here’s what I think you need to know:

  1. It is almost certainly real.
  2. Using this technique, an attacker with very few resources can lock up the TCP stack of the target system, potentially draining other resources, and maybe even forcing a reboot (Could this trash a host OS? We don’t know yet.).
  3. Anything that accepts TCP connections is vulnerable. I believe that means passive sniffing/routing is safe.
  4. The attack is obvious and traceable. Since we are using TCP and creating open connections (not UDP) it means spoofing/anonymous attacks don’t seem possible.
  5. Thus, I’d be more worried about a botnet that floods your upstream provider than this targeted attack.
  6. This is the kind of thing we should be able to filter, once our defenses are updated.

From Securosis.com.

This entry was posted on October 3, 2008 at 10:53 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»