[ISN] DoS attack reveals (yet another) crack in net's core

From: InfoSec News (alertsinfosecnews.org)
Date: Thu Oct 02 2008 - 01:43:57 CDT


http://www.theregister.co.uk/2008/10/01/fundamental_net_vuln/

By Dan Goodin in San Francisco
The Register
1st October 2008

Security experts say they have discovered a flaw in a core internet
protocol that can be exploited to disrupt just about any device with a
broadband connection, a finding that could have profound consequences
for millions of people who depend on websites, mail servers, and network
infrastructure.

The bug in the transmission control protocol (TCP) affords attackers a
wealth of new ways to carry out denials of service on equipment at the
heart of data centers and other sensitive points on the internet. The
new class of attack is especially severe because it can be carried out
using very little bandwidth and has the ability to paralyze a server or
router even after the flood of malicious data has stopped.

"If you use the internet and you serve a TCP-based service that you
value the availability for, then this affects you," Robert E. Lee, chief
security officer for Sweden-based Outpost24 told The Register. "That may
not be every internet user, but that's certainly any IT manager, that's
certainly any website operator, mail server operator, or router
operator."

Lee said he and Outpost24 colleague Jack Louis discovered the bug in
2005, but decided to keep their finding secret while they tried to
devise a solution. After largely hitting a wall, they decided to go
public in hopes that a new infusion of ideas will finally get the
problem fixed.

[...]
