Version: 2008

Comments on: TCP flaws puts Web sites at risk

Researchers testing a port scanner discover multiple flaws within the TCP stack that could create denial-of-service attacks under controlled circumstances.

(5 Comments)
by rmva October 2, 2008 10:47 AM PDT
... here are a couple of clues."
by ckaspereli October 2, 2008 2:52 PM PDT
Is it really any surprise? Most software is poorly designed and rarely written to handle every node in the relevant state machine, let alone attempt to describe state transitions. You'd think it were trivial to let every unhandled case default to an error condition but too often testing procedures stress the common code path and not the corners. TCP/IP takes the hit only because it's the most highly scrutinized communication protocol on the planet and because of this, probably the best.
by Thomas, David October 2, 2008 3:29 PM PDT
*cough* Clears throat

Someone can spam call your phone to create a denial of service attack.

People need to get a grip, and not over-react. What types of computers, and which operating systems were they using? Were they clients, servers, or other? Were all ports open? Were they using an old industry standard port that used to be intended for firmware access? Why did the network traffic stop the computers from working, and what is the definition of stop? Did stop communicating, shut down? WHAT!
by michaelawsutton October 2, 2008 4:11 PM PDT
http://research.zscaler.com/2008/10/i-know-something-you-dont-know.html

"I have no doubt that I'll be thoroughly impressed once details of the attack are finally released. It does however make me uncomfortable to know that the clock is ticking and we can only sit on the sidelines to wait and see if motivated attackers are able to beat vendors to the punch and exploit this vulnerability before it can be patched."

Michael Sutton
VP, Security Research
Zscaler
by biffhenerson October 3, 2008 8:22 AM PDT
Flaws in TCP that cause unintended DoS were presented during a security session at Microsoft Tech-Ed in 2006. These flaws were reported to the governing agency and no action has been taken as it affects the fundamental foundation/stack.