[nsp-sec] Potential TCP / IP vulnerabilities announcedmidOctober - Outpost24 interview
Chris Calvert
Chris.Calvert at telus.com
Thu Oct 2 17:49:22 EDT 2008
So that he doesn't have to mention it, I will: Jose has commented on
this (including links to posts on the topic by Fyodor, Robert Graham, a
belsec blog, etc):
http://asert.arbornetworks.com/2008/10/thoughts-on-the-tcpip-stack-dos/
Just to recap, are these all possibilities still, or can we something
rule out (with Naphta being the most obvious candidate)?
Basically, Florian's list:
NetKill
- consume memory in kernel space by not closing connections OR
Optimistic ACK
- Attacks theorized in the "Misbehaving TCP Receivers Can Cause
Internet-Wide Congestion Collapse" paper by Sherwood, Bhattacharjee, and
Braud
MTU discovery attack
- Fernando Gont's performance-degrading attack against TCP Path-MTU (I
believe this is what Florian referred to)
Naphta
- circa 2000, Robert Keyes
-
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0105.html
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Chris Morrow
> Sent: Thursday, October 02, 2008 1:41 PM
> To: Florian Weimer
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Potential TCP / IP vulnerabilities
> announcedmidOctober - Outpost24 interview
>
> ----------- nsp-security Confidential --------
>
>
>
> On Wed, 1 Oct 2008, Chris Morrow wrote:
>
> >
> >
> > On Wed, 1 Oct 2008, Chris Morrow wrote:
> >> I agree with Florian here, we need more data, this is all
> guesswork based
> >> on a horrid interview and article/blog-note.
> >
> > also, note that 'especially' does NOT have an "X" in it :(
>
> someone (DaveW) posted this in the irc chat today:
>
> <http://insecure.org/stf/tcp-dos-attack-explained.html>
>
> that seems to cover the potentials brought up by outpost24,
> it also seems
> to make well in to the thoughts expressed here already...
>
> -Chris
> (this is another version of naptha as we were specualting)
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list