A pair of Swedish researchers said this week that they have discovered a fundamental flaw in the transmission control protocol (TCP) -- an underlying internet protocol -- that could result in widespread denial-of-service attacks.
TCP and IP are the protocols used to send information over the internet, for example, between a web browser and a web server.
Robert Lee and Jack Louis of Outpost24 said during a Swedish podcast that they were running their penetration testing port scanner when they discovered the problem, which involves the way machines handle TCP connection requests.
"It would lead you sometimes to hit network windows where the connectivity was bad where you would experience packet loss," Louis said.
This caused certain stacks "to end up in strange states...when there was packet loss," he said.
The result was a denial-of-service condition.
"[The port scanner] would retransmit certain packets over and over again until the device actually rebooted," said Lee, Outpost's CSO.
The two men currently are organizing a multi-vendor effort to fix the problem. No patch or workaround exists.
The researchers said they originally discovered the flaw in 2005 but decided to come forward now, considering that the risk may grow, especially if IPv6, the latest internet layer protocol, becomes a dominant factor.
See original article on scmagazineus.com
Newly discovered TCP flaw brings devices to their knees
By Dan Kaplan on Oct 3, 2008 10:35AM
A Swedish security company announced Wednesday that two of its researchers have discovered a 'generic' flaw in the TCP stack that could result in denial-of-service attacks.