Thoughts on the TCP/IP Stack DoS
by Jose Nazario
Speculation is rampant after reports of a new TCP stack denial of service attack have been announced. The attack details have yet to be made public – it’s for a talk at this year’s T2 event in Finland – but folks are anxiously looking for details.
We don’t have any.
Probably the most detail I’ve seen shared publicly is this detailed blog post from belsec. So far this sounds like a minor variant on known attack vectors, i.e. Naptha or other state-holding attacks.
The folks behind Unicorn scan are no slackers and know TCP/IP stack internals better than almost anyone, so I anticipate that it’s really a new attack, or an old attack with a new twist.
I’ll keep waiting until T2 for details.
UPDATES
Some additional thoughts from other, very talented and insightful researchers, speculating on the attack vector and its novelty, as well as defenses:
- Explaining the “New” TCP Resource Exhaustion Denial of Service (DoS) Attack by Fyodor, October 2, 2008
- TCP DoS (probably) real by Robert Graham, October 1, 2008
[...] latest, we should give some credit to BindView RAZOR’s Naptha research from 2000, as noted by Jose Nazario. So-called Naptha attacks are any mechanism that forces the victim’s TCP/IP stack to consume [...]
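State-holding attacks of the Naptha kind show up on the victim as one peer keeping many connections parked in states the stack cannot clear on its own. The following detector is an added example, not code from this post or from any of the cited researchers: it parses constructed connection-table lines shaped like `ss -tan` output and flags peers holding more than a threshold of connections in resource-consuming states. The set of "held" states and the threshold are assumptions to be tuned per stack and service.

```python
"""Flag peers that hold many TCP connections in resource-consuming states.

Added example (not from the original post). Input lines are constructed in
the shape of `ss -tan` output: state, recv-q, send-q, local, peer. The held
state set and the threshold are assumptions for illustration.
"""
from collections import Counter

# States in which the victim stack keeps a control block allocated.
# Assumption: adjust to the monitored stack's naming and behaviour.
HELD_STATES = {"SYN-RECV", "ESTAB", "FIN-WAIT-1", "CLOSE-WAIT", "LAST-ACK"}

# Constructed sample: one peer parks ten sockets, two peers look normal.
SAMPLE = "\n".join(
    ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    + [f"ESTAB 0 0 192.0.2.10:80 198.51.100.7:{40000 + i}" for i in range(6)]
    + [f"FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:{41000 + i}" for i in range(4)]
    + ["ESTAB 0 0 192.0.2.10:80 203.0.113.5:51234",
       "TIME-WAIT 0 0 192.0.2.10:80 203.0.113.9:51235",
       "LISTEN 0 128 0.0.0.0:80 0.0.0.0:*"]
)


def parse_connections(text):
    """Yield (state, peer_ip) per connection line; the header is skipped."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue  # tolerate truncated or blank lines
        state, peer = parts[0], parts[4]
        yield state, peer.rsplit(":", 1)[0]  # strip the port (IPv4 host:port)


def held_per_peer(text):
    """Count, per peer, the connections sitting in a held state."""
    counts = Counter()
    for state, peer_ip in parse_connections(text):
        if state in HELD_STATES:
            counts[peer_ip] += 1
    return counts


def suspicious_peers(text, threshold=8):
    """Return (peer, count) pairs at or above `threshold`, highest first."""
    return [(ip, n) for ip, n in held_per_peer(text).most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in suspicious_peers(SAMPLE):
        print(f"{ip} holds {n} connections in held states")
```

TIME-WAIT and LISTEN are deliberately excluded: they do not pin server-side resources the way a connection the peer refuses to drain does.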