Still no fix for TCP DoS weakness

Author: Ryan Naraine
minute read

Software vendors and security officials in several countries have been working for nearly six months on a fix for a serious flaw in a number of TCP implementations that caused a lot of controversy and speculation last fall. The problem could allow attackers to consume all of the resources on a given remote server, essentially making it unusable.

Now, it appears that the release of a patch for the weakness may not come for several more months.

Software vendors and security officials in several countries have been working for nearly six months on a fix for a serious flaw in a number of TCP implementations that caused a lot of controversy and speculation last fall. The problem could allow attackers to consume all of the resources on a given remote server, essentially making it unusable.

Now, it appears that the release of a patch for the weakness may not come for several more months.

CERT-FI, the Finnish computer emergency response center, has been working with vendors that are affected by the weakness and officials said that they have mostly determined the scope and seriousness of the problem. There’s no specific timetable for a concurrent release of a patch for the problem, but officials said they’re hopeful that a fix will be ready “during this year.”

“Work on determining the scope and impact of the vulnerability has now been largely completed. Several vendors are currently in various phases of patch development process and have also documented various workarounds and mitigating factors. Judging by the current progress, CERT-FI is confident that functional fixes to mitigate the threat can be expected to be released during this year,” CERT-FI said in a statement.

Few details about the nature of the TCP attack have been made public, but the morsels that have come out are tantalizing. The attack was developed by a pair of experts at a Swedish security company called Outpost24. While doing some large penetration tests, Jack C. Louis and Robert E. Lee found that they could use up all of the resources of the TCP service on a remote machine. They needed very little bandwidth to execute the attack, and it turned out that the only reliable way to recover from the attack is to reboot the server.

Louis wrote a tool called Sockstress that exploited the TCP weakness and allowed him to avoid the protection mechanism known as SYN cookies that some servers use to prevent SYN flood attacks.

On his blog, Lee said that he his hopeful that the full release of information on the TCP problem will come in June.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.