Re: TCP Resource Exhaustion Attacks

[Fyodor <fyodor () insecure org>]

On Thu, Oct 02, 2008 at 09:37:41AM -0500, Ron wrote:
> Fyodor wrote:
>
> For anybody who isn't paying attention (like me, till just now), Robert 
> E. Lee replied to Fyodor's post, saying that, while he makes good 
> points, he isn't spot on:
>
> http://blog.robertlee.name/2008/10/conjecture-speculation.html

They have probably added enough flourishes and implementation details
to their attack that they consider their attack to be original and
unique. There are many variants of this attack which make effective
DoS attacks. With Nmap, the challenge is sometimes to make sure
devices *don't* crash. The key point is that it was already relatively
easy to take down services with DoS attacks (and it happens constantly
every day), so there is no need for the “we can't release details for
the safety of the Internet” routine. If it is so important that they
need to wait for vendor coordination before providing details, why do
they need to do all the press releases and interviews now? It is also
an amazing coincidence that when we've seen this sort of thing lately,
the only safe (and “responsible”) time to release the details always
happens to be exactly when the researchers are giving their big
presentations.

-Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org