critical flaw in the way TCP/IP stacks
October 14th, 2008
Security researchers in Sweden have discovered a somewhat critical flaw in the way TCP/IP stacks have been implemented across the majority of operating systems and IP-enabled devices, one that could result in a denial of service.
The researchers, Robert E. Lee and his colleague Jack C. Louis, work for Outpost 24. They are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner.
They discovered the issues while testing their scanner. While analysing the responses, they found that some devices became overly responsive, in that the hosts kept sending responses to them over and over. The hosts would continue to do this until rebooted. In some circumstances the hosts would become unresponsive after the attack; however, the more universal case was that the hosts would become unresponsive during the attack.
These are not specific vulnerabilities within an OS or platform but issues in the way routers, PCs and other systems handle TCP connection requests from remote machines. Moreover, the attacks can be carried out with very little bandwidth. The issues, it seems, first came to light in 2005. More importantly, there do not appear to be any workarounds or fixes for the problems at this point, as they could affect any TCP-enabled device.
Lee and Louis will be presenting the findings of their work at the T2 Conference in Helsinki this month, although they will not be releasing the full details of the flaws. You can read more at Robert E. Lee’s blog.