A serious TCP/IP vulnerability known as “SockStress” has been found and exploited by a security group called Outpost24, which has released information about it.
This latest vulnerability not only has severe implications for many webmasters, designers and programmers, but also affects routing servers and any system with TCP stack processes exposed to the outside world.
After the latest DNS poisoning vulnerability, webmasters seem on edge about how insecure the very foundations of the internet are (mainly due to being created before security was even thought of).
Sockstress is the name of the tool created by Outpost24, which they are still testing before release. They have, however, walked through how the attack could be achieved in great detail. Some security experts have shown concern over how they handled the information released.
The Sockstress attack seems to be limited to the TCP stack, but mixes several techniques to allow a very low-bandwidth hacker to deplete local resources (memory, swap file and even kernel file abuse). Just a few packets a second and a small amount of time are needed to take down a server. As few as nine packets and a few minutes are all that is suggested to be needed!
The lack of timing in the TCP/IP stack and, more specifically, in the kernel’s response seems to be the deciding factor. A “badly designed TCP stack” is referred to, and after the 3-way handshake (SYN cookie verification and acknowledgment) has completed, resources can be exploited!…
“The worst thing we ever had happen, was, we had Windows reboot and say ‘Operating system not found’”
In theory, a SYN cookie validation process could be cycled. After sending for verification and acknowledgment, a “no buffer space” response could be sent from the attacker’s end. This would force the target to allocate more resources to the attacker’s cycled process, with severe consequences.
Please bear in mind that this is not a SYN packet attack! (The magic happens after the SYN-ACK.)
This can result in a denial of service (DoS) of TCP servers (www, ftp, tftp, smtp, pop, etc.) running on Windows, Linux, BSD, certain routing servers, and other Internet applications and protocols!
An excerpt from Outpost24’s website claims:
Outpost24’s Senior Security Researcher, Jack C. Louis has discovered a generic issue that affects the availability of TCP services. This issue could be used to create a Denial of Service attack. Vendors have been notified. Details are not available to the public at this point, but will be disclosed at an appropriate future date.
Jack C. Louis, along with Outpost24’s Chief Security Officer Robert E. Lee, will be speaking at the T2 conference in Helsinki, Finland on October 16 - 17.
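A defender-side check for the pattern described above (connections that complete the handshake and then tie up server resources), as an added example that is not part of the original post. It assumes two connection-table snapshots in the column layout of Linux `ss -tan`; the addresses, queue sizes and the `min_conns` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: two `ss -tan`-style snapshots taken some time apart (not real data).
SNAP_T0 = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB  0      14480  192.0.2.10:80      198.51.100.7:40001
ESTAB  0      14480  192.0.2.10:80      198.51.100.7:40002
ESTAB  0      14480  192.0.2.10:80      198.51.100.7:40003
ESTAB  0      2896   192.0.2.10:80      203.0.113.5:51000
ESTAB  0      0      192.0.2.10:80      203.0.113.9:52000
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
"""
SNAP_T1 = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB  0      14480  192.0.2.10:80      198.51.100.7:40001
ESTAB  0      14480  192.0.2.10:80      198.51.100.7:40002
FIN-WAIT-1 0  14481  192.0.2.10:80      198.51.100.7:40003
ESTAB  0      0      192.0.2.10:80      203.0.113.5:51000
ESTAB  0      512    192.0.2.10:80      203.0.113.9:52000
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
"""
# Post-handshake states in which the server may still hold unsent or unacknowledged data.
HOLDING = {"ESTAB", "FIN-WAIT-1", "CLOSE-WAIT", "LAST-ACK", "CLOSING"}

def parse(snapshot):
    """Map (local, peer) -> Send-Q bytes for post-handshake connections."""
    conns = {}
    for line in snapshot.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) != 5 or fields[0] not in HOLDING:
            continue                                 # LISTEN rows and malformed lines
        conns[(fields[3], fields[4])] = int(fields[2])
    return conns

def stalled_peers(before, after, min_conns=3):
    """Peer IPs holding >= min_conns connections whose Send-Q did not shrink."""
    old, new = parse(before), parse(after)
    stuck = defaultdict(int)
    for key, q1 in new.items():
        q0 = old.get(key, 0)
        if q0 > 0 and q1 >= q0:                      # data queued at both times, queue not draining
            stuck[key[1].rsplit(":", 1)[0]] += 1     # strip the port, keep the peer address
    return {ip: n for ip, n in stuck.items() if n >= min_conns}

if __name__ == "__main__":
    print(stalled_peers(SNAP_T0, SNAP_T1))
```

This is a heuristic: a slow but legitimate client can also show a non-draining queue, so a hit is a cue to inspect that peer, not proof of abuse.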