Wednesday, April 15, 2009

Re-visiting the End of the Internet (SockStress): Meltdown the internet in a few seconds

A few months back, researchers came out with a generic vulnerability in TCP/IP services. This vulnerability affects almost all systems that use a TCP stack, including Windows, Linux, Mac and BSD. The attack itself is a new breed of denial-of-service (DoS) attack. The researchers also put forward the sockstress tool to demonstrate the devastating effects of such vulnerabilities. The full details regarding this threat will come out in June.

The attack can be described as follows:

1. The attacker sends a raw TCP SYN packet to the destination port.
2. The target OS responds with a SYN/ACK packet as part of the 3-way handshake process.
3. Extracting the initial sequence numbers and other information from the received packet, the attacker sends the final ACK packet to complete the connection process.

Although the process looks similar to the normal 3-way handshake, remember that the packets sent from the attacker's side are crafted in userland rather than by the OS-based TCP stack.
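Because the handshake completes in step 3, every such connection shows up as ESTABLISHED on the target, which is where a defender can see it. The following is an added example, not part of the original post or the sockstress tool: it counts established connections per remote address from text in Linux `/proc/net/tcp` format and flags peers above a threshold. The sample rows, addresses, function names and the threshold are constructed for illustration, and a little-endian host is assumed for address decoding.

```python
import socket
import struct
from collections import Counter

ESTABLISHED = "01"  # TCP state code used in /proc/net/tcp

def hex_to_ip(h):
    """Decode an IPv4 address as printed by /proc/net/tcp (little-endian host assumed)."""
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))

def established_per_peer(proc_text, local_port):
    """Count ESTABLISHED connections to local_port, grouped by remote IPv4 address."""
    counts = Counter()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, remote, state = fields[1], fields[2], fields[3]
        if state != ESTABLISHED or int(local.split(":")[1], 16) != local_port:
            continue
        counts[hex_to_ip(remote.split(":")[0])] += 1
    return counts

def flag_peers(counts, threshold):
    """Return peers holding more than `threshold` established connections."""
    return sorted(ip for ip, n in counts.items() if n > threshold)

def make_sample():
    """Constructed /proc/net/tcp text: server 10.0.0.10, documentation-range peers."""
    tail = "00000000:00000000 00:00000000 00000000 0 0 0"
    rows = ["  sl  local_address rem_address   st (remaining columns unused here)"]
    # 40 established connections to port 80 from 198.51.100.7
    for i in range(40):
        rows.append(f"{i:4d}: 0A00000A:0050 076433C6:{0x9C40 + i:04X} 01 {tail}")
    # 203.0.113.5: two established on port 80, one on port 22, one half-open (SYN_RECV)
    rows.append(f"  40: 0A00000A:0050 057100CB:C350 01 {tail}")
    rows.append(f"  41: 0A00000A:0050 057100CB:C351 01 {tail}")
    rows.append(f"  42: 0A00000A:0016 057100CB:C352 01 {tail}")
    rows.append(f"  43: 0A00000A:0050 057100CB:C353 03 {tail}")
    return "\n".join(rows)

if __name__ == "__main__":
    counts = established_per_peer(make_sample(), local_port=80)
    for ip in flag_peers(counts, threshold=20):  # threshold is an arbitrary example value
        print(f"{ip}: {counts[ip]} established connections to port 80")
```

On a live Linux host, the contents of `/proc/net/tcp` can be passed in place of the constructed sample.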

More information is available at:
http://www.sockstress.com/

Various Press/Media coverage at:
http://www.grc.com/sn/notes-164.htm