The Internet security community is abuzz with rumors of an attack against the TCP protocol that can DoS almost (if not all) machines.  The attack is against the TCP state machine.  Details are very sketchy, but the rumors suggest that an extremely low-bandwidth attack could effectively kill a machine to the point that it must be rebooted to once again be effective at communicating on the network.

Adding to the hype is the claim that almost all machines running TCP can be attacked, regardless of the vendor.  Windows, Linux, Mac, Solaris, all manner of embedded devices, etc., are all supposedly vulnerable.

It seems like a “vulnerability” like this (that is, one that will completely cripple the Internet) is announced once a year.  A few details[t2.fi] are released to the media that make the vulnerability sound really scary in an effort to hype the conference where the full details are going to be discussed (which, in this case, is “T2 ’08″ in Helsinki, Finland).

Call me a skeptic, but these usually turn out to be false.  The sallacious details released to the media are mere propaganda items to increase interest.  This particular vulnerability will probably turn out to be a non-issue except on your local network, which should be a (relatively) trustworthy area, anyway.

To sum it up: don’t go jumping out of a window yet.

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

Twitter - More Posts