Archive for October, 2008

 

The next big exploit?

Oct 05, 2008 in Security

After the Kaminsky’s big find and now talks about a BGP exploit, the newest “the sky is falling” exploit is a flaw in TCP/IP stack.

“Outpost24 has discovered a bug in the TCP / IP protocol that allows for almost every system to disrupt. De onderzoeken kennen geen enkel systeem dat niet gevoelig is voor de Denial-of-Service-mogelijkheid. The investigations have no single system that is not sensitive to the Denial of Service possibility”  Link

Here is the talk between Outpost.  The English version starts after the 5min marker.

http://debeveiligingsupdate.nl/audio/bevupd_0003.mp3

The gist of the mp3 is that with a customized tcp scanner, Outpost was able to, after the 3 way handshake, cause a Denial of Service (DoS) on any machine.  This doesn’t seem to matter what the OS (Linux, Windows, and etc), causing a DoS and sometimes worse.

This is a new type of attack that is not a syn-flood, but a mishandled flaw in TCP causing a resource attack that ultimately affects the kernel.  Some how reverse syn-cookies are used in the attack so that we wouldn’t need to keep track of the different sessions.  The scary part is that this can be done with a limited of 40 packets per second and can also be done from a cable modem.

What does this all mean?  That I could be able to send a request to any server or computer that has an open TCP port and that allows for the 3 way handshake, and cause that system to fail.  You could potentially take down the whole internet!

More details will be released during the T2 conference in Finland (http://www.t2.fi/)

-Cheetz