TCP flaws may lead to DoS attacks, say researchers

Started by Gary, Oct 03, 2008, 10:30:36


Gary

"Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service attacks if exploited. At present there is no workaround and there are no patches available"

Full story here
Damned, if you do damned if you don't

Sebby


Gary

Quote from: Sebby on Oct 03, 2008, 11:07:14
Another vulnerability. Oh joy. :)
Apart from patching, this is what ADSL is for as well Sebby :)
Damned, if you do damned if you don't

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby


Inactive

Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Sebby


esh

From what I hear, the problem is to do with SYN cookies, which can actually be disabled in Linux boxes without a reboot.

The downside of disabling SYN cookies is you are more liable to 'standard' DDoS attacks, but these types of attacks just generally temporarily hog resources rather than cause the system to fall into a state where a reboot is necessary (excluding older Windows machines of course). You can also likely use network IP filtering to hold out against normal DoS attacks, crude as it may be.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011
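
The runtime switch esh mentions is the Linux sysctl `net.ipv4.tcp_syncookies`. The script below is an added example, not part of any post in this thread: it reads that setting and two related SYN-queue settings and flags a host that has cookies off with a small backlog. The `MIN_BACKLOG` threshold, the verdict labels and the optional directory argument are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: report the Linux settings that decide
# how a host copes with a SYN flood once SYN cookies are switched off.
# Runtime toggle (root, no reboot; lost at reboot unless also put in
# /etc/sysctl.conf):   sysctl -w net.ipv4.tcp_syncookies=0   (or =1)

MIN_BACKLOG=1024   # illustrative threshold chosen for this example

read_knob() {      # read_knob <root> <path>: print the value, or "unknown"
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo unknown; fi
}

# syn_posture [root]: root defaults to /proc/sys; passing another directory
# (an assumption of this example) lets it run on a constructed tree.
syn_posture() {
    root="${1:-/proc/sys}"
    cookies=$(read_knob "$root" net/ipv4/tcp_syncookies)
    backlog=$(read_knob "$root" net/ipv4/tcp_max_syn_backlog)
    retries=$(read_knob "$root" net/ipv4/tcp_synack_retries)
    case "$cookies" in
        0) state=off ;;          # never send SYN cookies
        1) state=on-overflow ;;  # send them only when the SYN queue overflows
        2) state=always ;;       # send them unconditionally
        *) state=unknown ;;
    esac
    verdict=ok
    if [ "$state" = unknown ]; then
        verdict=unknown
    elif [ "$state" = off ]; then
        # Without cookies the half-open queue is the only buffer: once it
        # is full, further SYNs are dropped until entries time out.
        verdict=cookies-off
        case "$backlog" in
            ''|*[!0-9]*) ;;      # not a number, leave the verdict as is
            *) if [ "$backlog" -lt "$MIN_BACKLOG" ]; then verdict=small-backlog; fi ;;
        esac
    fi
    echo "syncookies=$state backlog=$backlog synack_retries=$retries verdict=$verdict"
}

# Constructed sample tree standing in for /proc/sys on a host with cookies off.
demo=$(mktemp -d)
mkdir -p "$demo/net/ipv4"
echo 0   > "$demo/net/ipv4/tcp_syncookies"
echo 256 > "$demo/net/ipv4/tcp_max_syn_backlog"
echo 5   > "$demo/net/ipv4/tcp_synack_retries"
syn_posture "$demo"
rm -rf "$demo"
```

Called with no argument, `syn_posture` reads the live values under `/proc/sys`.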

somanyholes

Quote
From what I hear, the problem is to do with SYN cookies, which can actually be disabled in Linux boxes without a reboot.

The downside of disabling SYN cookies is you are more liable to 'standard' DDoS attacks, but these types of attacks just generally temporarily hog resources rather than cause the system to fall into a state where a reboot is necessary (excluding older Windows machines of course). You can also likely use network IP filtering to hold out against normal DoS attacks, crude as it may be.

Catch-22 really, if one DoS doesn't get you the other one will :)