The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Why The TCP Attack Is Likely Bad, But Not That Bad

Posted by Xavier Ashe on October 3, 2008

There’s been a bunch of new information released over the past few days about the potential big TCP denial of service flaw. The three most informative posts I’ve read are:

  1. Fyodor’s discussion of either the same, or a similar issue.
  2. Richard Bejtlich’s overview.
  3. Rob Graham’s take on the potential attack.

Here’s what I think you need to know:

  1. It is almost certainly real.
  2. Using this technique, an attacker with very few resources can lock up the TCP stack of the target system, potentially draining other resources, and maybe even forcing a reboot. (Could this trash a host OS? We don’t know yet.)
  3. Anything that accepts TCP connections is vulnerable. I believe that means passive sniffing/routing is safe.
  4. The attack is obvious and traceable. Since we are using TCP and creating open connections (not UDP), it means spoofing/anonymous attacks don’t seem possible.
  5. Thus, I’d be more worried about a botnet that floods your upstream provider than this targeted attack.
  6. This is the kind of thing we should be able to filter, once our defenses are updated.

From Securosis.com.
