Self-trashing TCP exploit: DoS attack reveals yet another crack in net's core

The bug in the transmission control protocol (TCP) affords attackers a wealth of new ways to carry out denials of service on equipment at the heart of data centers and other sensitive points on the internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and […]

The bug in the transmission control protocol (TCP) affords attackers a wealth of new ways to carry out denials of service on equipment at the heart of data centers and other sensitive points on the internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and has the ability to paralyze a server or router even after the flood of malicious data has stopped.

"If you use the internet and you serve a TCP-based service that you value the availability for, then this affects you," Robert E. Lee, chief security officer for Sweden-based Outpost24 told The Register. "That may not be every internet user, but that's certainly any IT manager, that's certainly any website operator, mail server operator, or router operator."

Robert Graham, CEO of Errata Security, said here that after listening to this interview with the researchers, he's inclined to believe the threat is real.

"They have been working deep withing TCP stacks," he wrote. "If such problems exist, then they would have certainly come across them."

Full Article