Big Gaping Hole in TCP

NISCC Vulnerability Advisory 236929 has this to say about a new TCP DOS attack.

The discoverer of the practicability of the RST attack was Paul A. Watson, who describes his research in his paper “Slipping In The Window: TCP Reset Attacks”, presented at the CanSecWest 2004 conference. He noticed that the probability of guessing an acceptable sequence number is much higher than 1/2^32 because the receiving TCP implementation will accept any sequence number in a certain range (or “window”) of the expected sequence number. The window makes TCP reset attacks practicable.
Out of all the systems that support TCP/IP, it turns out OpenBSD is one of the few, if not the only one, that is not susceptible. I'm not sure if this issue exists in version 6 of TCP/IP; if not, it may finally help to push the use of the updated protocol.
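To put numbers on the advisory's point, here is an added example (not from the post, the advisory or Watson's paper) that models the receiver's in-window acceptance test and shows how the window size shrinks the effective guessing space from 2^32 to roughly 2^32 divided by the window; the RCV.NXT values and window sizes used are constructed for the demo.

```python
# Added example: model the in-window acceptance check that makes blind TCP
# resets practical, and count how many guesses are needed to cover the space.
SEQ_SPACE = 2 ** 32


def in_window(seg_seq, rcv_nxt, rcv_wnd):
    """True if seg_seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2^32.
    This is the acceptance test a receiver applies to an incoming segment,
    including the wraparound at the top of the sequence space."""
    return (seg_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def acceptance_probability(rcv_wnd):
    """Chance that one uniformly random sequence number is accepted,
    versus 1/2^32 if an exact match on RCV.NXT were required."""
    return rcv_wnd / SEQ_SPACE


def guesses_to_cover(rcv_wnd):
    """Number of sequence numbers spaced rcv_wnd apart needed so that at
    least one lands inside any window of size rcv_wnd (ceiling division)."""
    return -(-SEQ_SPACE // rcv_wnd)


def simulate_blind_guess(rcv_nxt, rcv_wnd):
    """Step through the sequence space in strides of rcv_wnd and return how
    many segments a blind sender would need before one is in-window.
    rcv_nxt is the receiver's secret state (a constructed value here)."""
    for i in range(guesses_to_cover(rcv_wnd)):
        if in_window((i * rcv_wnd) % SEQ_SPACE, rcv_nxt, rcv_wnd):
            return i + 1
    return None  # unreachable: the strides tile the whole cyclic space


if __name__ == "__main__":
    for wnd in (1, 16_384, 65_535, 2 ** 24):
        print(f"window={wnd:>9}: p(accept)={acceptance_probability(wnd):.2e}, "
              f"guesses to cover space={guesses_to_cover(wnd)}")
    # Constructed receiver state: RCV.NXT just below the wraparound point.
    print("segments until in-window:", simulate_blind_guess(SEQ_SPACE - 100, 65_535))
```

Note that the count is the worst case for one fixed window; a receiver that demands an exact RCV.NXT match (window of 1) is back to the full 2^32 space.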

Update: Hole not as big as we were led to believe:

However, Zalewski says that the flaw is not new, everyone has known about it since 1996 and it was unlikely to cause an "internet melt-down".
Zalewski was credited as one of the folks that discovered the above TCP flaw; the quote is from theinquirer.net.
