Big Gaping Hole in TCP
NISCC Vulnerability Advisory 236929 has this to say about a new TCP DoS attack:

"The discoverer of the practicability of the RST attack was Paul A. Watson, who describes his research in his paper 'Slipping In The Window: TCP Reset Attacks', presented at the CanSecWest 2004 conference. He noticed that the probability of guessing an acceptable sequence number is much higher than 1/2^32 because the receiving TCP implementation will accept any sequence number in a certain range (or 'window') of the expected sequence number. The window makes TCP reset attacks practicable."

Out of all the systems that support TCP/IP, it turns out OpenBSD is one of the few, if not the only one, that is not susceptible. I'm not sure if this issue exists in version 6 of TCP/IP; if not, it may finally help to push the use of the updated protocol.
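To make the advisory's point concrete, here is a small simulation of the two sides of the attack. This is an added example written for this post, not code from the advisory or from Watson's paper. It models only the sequence-number acceptance check of the receiving TCP: the attacker is assumed to already know the connection's addresses and ports, the window sizes are chosen for illustration, and the stricter exact-match rule at the end is included as the obvious counter-measure (the same in-window-but-inexact case that RFC 5961 later answers with a challenge ACK rather than a teardown).

```python
"""Why the receive window makes blind TCP RST attacks practical.

Added example, not from the NISCC advisory or Watson's paper. It models only
the sequence-number acceptance check of a receiving TCP; the connection's
addresses and ports are assumed known to the attacker. Window sizes and
rcv_nxt values are constructed for the demonstration.
"""
import random

SEQ_SPACE = 2 ** 32


def rst_in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Classic (RFC 793) rule: a RST is honoured if its sequence number lies
    anywhere in the receive window [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32.
    This is the behaviour the advisory describes."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_exact(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Stricter rule: only a RST whose sequence number is exactly rcv_nxt is
    honoured.  An in-window but inexact RST is ignored (RFC 5961 additionally
    sends a challenge ACK in that case)."""
    return seq == rcv_nxt


def packets_to_cover_space(stride: int) -> int:
    """Worst-case number of RST segments a blind attacker needs when stepping
    through the 2**32 sequence space in increments of `stride`."""
    return -(-SEQ_SPACE // stride)  # ceiling division


def blind_reset(rcv_nxt: int, rcv_wnd: int, accept, stride: int, start: int = 0):
    """Simulate a blind attacker who knows the connection 4-tuple but not
    rcv_nxt, sending RSTs with seq = start, start+stride, ... until the
    receiver's `accept` rule honours one.  Returns the number of segments
    sent, or None if the whole space was swept without success."""
    seq = start % SEQ_SPACE
    for sent in range(1, packets_to_cover_space(stride) + 1):
        if accept(seq, rcv_nxt, rcv_wnd):
            return sent
        seq = (seq + stride) % SEQ_SPACE
    return None


if __name__ == "__main__":
    rcv_nxt = random.randrange(SEQ_SPACE)  # the victim's real expected sequence number
    for rcv_wnd in (2 ** 16, 2 ** 24):       # 64 KiB window; 16 MiB window (window scaling)
        worst = packets_to_cover_space(rcv_wnd)
        sent = blind_reset(rcv_nxt, rcv_wnd, rst_in_window, stride=rcv_wnd)
        print(f"window {rcv_wnd:>9}: at most {worst:>6} RSTs instead of {SEQ_SPACE}; "
              f"this run needed {sent}")
    # The same window-sized sweep against the exact-match rule almost always
    # fails: the attacker is back to one guess per sequence number.
    print("exact rule, window-sized stride:",
          blind_reset(rcv_nxt, 2 ** 16, rst_exact, stride=2 ** 16))
```

With a 64 KiB window the attacker needs at most 65536 segments to land one inside the window, and with a 16 MiB scaled window only 256; under the exact-match rule the same sweep fails unless the guess happens to hit rcv_nxt precisely, so the cost is back to the full 2^32 sequence space.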
Update: Hole not as big as we were led to believe:

"However, Zalewski says that the flaw is not new, everyone has known about it since 1996 and it was unlikely to cause an 'internet melt-down'."

Zalewski was credited as one of the people who discovered the above TCP flaw; the quote is from theinquirer.net.