Fyoder (the author of nmap if you’ve been sleeping under a rock) has posted a write up on the recent TCP Dos flaw.
UPDATE: According to a post by Robert Lee this isn’t the issue.
"Robert Lee and Jack Louis recently went public claiming to have
discovered a new and devastating denial of service (DoS)
vulnerability in the core TCP/IP protocol stack used for almost all
Internet communication. They refuse to release details before their talk at the T2 security conference
in Finland on October 17. Yet they have given many alarming interviews,
and the press is having a field day spreading fear and uncertainty.
Articles have appeared on The Register (“DoS attack reveals (yet another) crack in net’s core”), Slashdot (“New Denial-of-Service Attack is a Killer”), Search Security (“TCP is fundamentally borked”),
and many more publications. In the Register article, Robert Lee says
“We haven’t found anybody who has a TCP stack that runs TCP based
services that isn’t vulnerable” and that a target machine “basically
self thrashes, and the only recovery after about two to four minutes
worth of attack flow, even after the attack stops, is to reboot the
machine”. The SearchSecurity article ends with this chilling paragraph:
"The best advice I have right now is don’t allow
anonymous connections. Make whitelist so only certain IP addresses can
come in,” Lee said, acknowledging the impracticality of that for a Web
server or mail server or virtually any other TCP-enabled device.
“There’s no real workaround right now."
While I know and respect these researchers, I’ve had enough of the
recent spate of people announcing (supposedly) massive security
vulnerabilities, then refusing to back up their claims with details
until a talk weeks or months away. Obviously Dan Kaminsky ignited
this recent trend with his DNS flaw. While many of the researchers
are earnest and call this “responsible disclosure”, it
often reeks like a PR campaign. When you tell the press that
you’ve discovered a core Internet protocol flaw so severe that you
can’t even provide any details for fear that the entire network could
come crashing down, they just eat that up and it devolves into a media
circus.
I don’t presume to tell people how to report
vulnerabilities—disclosure has long been one of the most
personal and political issues in the security community. So I let them decide for themselves. But I
don’t need to keep quiet if I figure out or independently discover an
issue. And I suspect that I’ve nailed this one. I recognize their
vague description of the attack and results because I’ve written and
used a similar DoS tool. I was not the first to do so, either."
Read more: http://insecure.org/stf/tcp-dos-attack-explained.html
