Re: [Full-disclosure] low bandwidth DoS attack against TCP/IP stack
[EMAIL PROTECTED] wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > >> There's been some buzz about a new bug within the TCP/IP-protocol. >> According to the people who discovered it, it affects some if not >> all >> OSes. They explain it a little bit in an interview (URL below) >> without >> telling any details. > > Fyodor released some speculation earlier today: > > http://insecure.org/stf/tcp-dos-attack-explained.html And Robert E. Lee posted on his blog that Fyodor's explanation doesn't actually describe the bug they found. http://blog.robertlee.name/2008/10/conjecture-speculation.html Kind regards, Jorrit ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] low bandwidth DoS attack against TCP/IP stack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >There's been some buzz about a new bug within the TCP/IP-protocol. >According to the people who discovered it, it affects some if not >all >OSes. They explain it a little bit in an interview (URL below) >without >telling any details. Fyodor released some speculation earlier today: http://insecure.org/stf/tcp-dos-attack-explained.html -BEGIN PGP SIGNATURE- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQMCAAYFAkjk4Y4ACgkQGwcl4JwqQeDHygP/eNkFlemEk7YejfDjv/nPjmRqm0B8 gVWcDZxvFa04GWqL9yglxDKD3VstzoW9WzQjj0FQTTmOOYUOVSmO8PeADuo3OpRNysZF ktQzbMr3SIJmk58CiG8yOUBH/IGcVMZ0c3sUYfWFijyVFi7dVRRiGAebpGiHk9JeMH+l VFFBf8k= =imq7 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] low bandwidth DoS attack against TCP/IP stack
Hey all, There's been some buzz about a new bug within the TCP/IP-protocol. According to the people who discovered it, it affects some if not all OSes. They explain it a little bit in an interview (URL below) without telling any details. http://debeveiligingsupdate.nl/2008/09/30/de-beveiligingsupdate-3-socketstress-denial-of-service-at-your-service/ (the podcast starts off in Dutch, but switches to English when the actual interview starts). Does anyone know more about it? Or are we just going to have to wait for T2'08? ( http://www.t2.fi/2008/08/27/jack-c-louis-and-robert-e-lee-to-talk-about-new-dos-attack-vectors/ ) Kind regards, Jorrit ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
