http://sciencex2.org/en/taxonomy/term/3283 The taxonomy view with a depth of 0. en http://sciencex2.org/en/node/52736 <h3 class="field-label">Description</h3> <div class="content"> <p>Jack Louis and Robert Lee, from Outpost24 (<a href="http://www.outpost24.com/" title="http://www.outpost24.com/">http://www.outpost24.com/</a>), are scheduled to give a talk at the T2'08 Information Security Conference in Finland later this month giving details on a new, and dangerous, denial of service attack that uses TCP state table manipulation. The attack is unique in that it is cross platform and requires very little bandwidth to be executed.[1] This attack also has a prolonged impact on the hardware that lasts beyond the denial of service. As a blogger from a recent talk from Louis and Lee wrote, &quot;After this introduction it was time for them to show their application Sockstress. Unfortunately they couldn&rsquo;t disclose any technical details about it but they ran two demos and it was quite amazing.Exploiting a vulnerability they showed us how they brought down port 80 on a web server (or actually the presentation laptop) in a matter of seconds. A typical Denial of Service attack. The next demo was even better. The started playing music on the very same laptop and then started Sockstress. After about two minutes the music wouldn&rsquo;t play the way it was supposed to. It was slowed down, the CPU was at 100% etc. They then stopped sockstress but the machine never came back. It kept misbehaving even though the attack was over. What was really interesting was that both these attacks only sent 4 packages each second to the server machine. That&rsquo;s nothing and could be done on a 56k modem. Scary but cool.&quot; Louis and Lee have contacted vendors regarding the various bugs they have found which allow for this exploit but aren't releasing technical details at this time due to the fact that there are currently no short-term fixes.[3] Concern has been expressed in the security community that just the simple talks given thus far may be enough of a recipe for a low-level hacker to easily replicate the attack.</p> <div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/en/node/13855" class="og_links">Computer &amp; Information Science</a></li> </ul></div></div> <div class="field field-type-text field-field-source"> <h3 class="field-label">Source</h3> <div class="field-items"> <div class="field-item"><p>[1]"Jack C. Louis and Robert E. Lee to talk about New DoS Attack Vectors", T2'08 Conference, August 27, 2008, Jack C. Louis and Robert E. Lee to talk about New DoS Attack Vectors<br /> [2]"Sec-T, Day 1", Norden Felt, September 12, 2008, <a href="http://blog.nordenfelt.com" title="http://blog.nordenfelt.com">http://blog.nordenfelt.com</a><br /> [3]"Snake Bytes: New DOS Attack is a Killer", RSnake, darkREADING, September 30, 2008, <a href="http://www.darkreading.com/blog.asp?blog_sectionid=403&amp;doc_id=164939&amp;WT.svl=tease2_2" title="http://www.darkreading.com/blog.asp?blog_sectionid=403&amp;doc_id=164939&amp;WT.svl=tease2_2">http://www.darkreading.com/blog.asp?blog_sectionid=403&amp;doc_id=164939&amp;WT.svl=tease2_2</a></p> </div> </div> </div> http://sciencex2.org/en/node/52736#comments denial of service internet vulnerability jack louis outpost24 robert lee sockstress Ethics in Science Computer &amp; Information Science Thu, 02 Oct 2008 12:48:48 -0700 Jerry Sheehan 52736 at http://sciencex2.org