[nsp-sec] Potential TCP / IP vulnerabilities announced mid October - Outpost24 interview
Florian Weimer
fweimer at bfk.de
Tue Sep 30 12:56:30 EDT 2008
* Kick Fronenbroek:
> On Dutch news sites, reports are posted on a flaw in TCP/IP which will be
> presented mid October in Finland at:
> http://www.t2.fi/2008/08/27/jack-c-louis-and-robert-e-lee-to-talk-about-new-
> dos-attack-vectors/
There are several published but mostly unfixed TCP attacks. Netkill
is one of them (it reduces the TCP receive window size to zero after
the connection is handled exclusively by the kernel on the sending
side). Anotherone is optimistic ACKing, were you send ACKs faster
than your actual link, trying to convince the sender to waste packets
on you instead of legitimate clients. There's also an old attack
abusing path MTU discovery (reducing the segment size to something
like 40 bytes), but quite a few vendors have actually fixed this one.
Chances are good that it's just a rediscovery of those really old
issues.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list