Thursday, October 02, 2008

TCP weakness could potential result in new DoS attacks

Two researches (supposedly) discovered a new weakness in the TCP implementation that allows even with a relatively small up-link to run DoS attacks with high bandwidth web servers (e.g. Google, Ebay, etc.). So far no independent verification has been done but it would not surprise me if this is just another major flaw that we have to deal with.

Read Robert Graham's blog post: http://erratasec.blogspot.com/2008/10/tcp-dos-probably-real.html

1SSA - Security consulting, training and products: http://www.1ssa.net