"Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service attacks if exploited. At present there is no workaround and there are no patches available"
Full story here (http://news.zdnet.co.uk/security/0,1000000189,39497753,00.htm)
Another vulnerability. Oh joy. :)
Quote from: Sebby on Oct 03, 2008, 11:07:14
Another vulnerability. Oh joy. :)
Apart from patching, this is what ADSL is for as well Sebby :)
Anyone want to buy a couple of routers? ;D
I have got some carpentry to do... :P
:back:
:rofl: Chip off the old block then Seb. ;)
:grn:
From what I hear, the problem is to do with SYN cookies, which can actually be disabled in Linux boxes without a reboot.
The downside of disabling SYN cookies is you are more liable to 'standard' DDoS attacks, but these types of attacks just generally temporarily hog resources rather than cause the system to fall into a state where a reboot is necessary (excluding older Windows machines of course). You can also likely use network IP filtering to hold out against normal DoS attacks, crude as it may be.
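The runtime toggle mentioned in the post above, as an added example that is not part of the original thread: on Linux the setting is the `net.ipv4.tcp_syncookies` sysctl, readable and writable under `/proc/sys` without a reboot. `SYSROOT` and the function names are hypothetical, chosen here so the functions can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example, not code from the thread.
# SYSROOT is a hypothetical override; on a real system it is /proc/sys.
SYSROOT="${SYSROOT:-/proc/sys}"
KEY="net/ipv4/tcp_syncookies"

# Report the current mode. The kernel documents three values for this sysctl:
#   0 = never send SYN cookies
#   1 = send them only when the SYN backlog overflows
#   2 = send them unconditionally
syncookies_state() {
    f="$SYSROOT/$KEY"
    [ -r "$f" ] || { echo "unavailable"; return 0; }
    case "$(cat "$f")" in
        0) echo "disabled" ;;
        1) echo "on-backlog-overflow" ;;
        2) echo "always" ;;
        *) echo "unknown" ;;
    esac
}

# Change the mode at runtime (needs root on a real system). The change takes
# effect immediately and is lost at the next boot.
syncookies_set() {
    case "$1" in
        0|1|2) ;;
        *) echo "usage: syncookies_set 0|1|2" >&2; return 2 ;;
    esac
    f="$SYSROOT/$KEY"
    [ -w "$f" ] || { echo "cannot write $f" >&2; return 1; }
    echo "$1" > "$f"
}

# Line to place in /etc/sysctl.conf so the chosen mode survives a reboot.
syncookies_persist_line() {
    echo "net.ipv4.tcp_syncookies = $1"
}

# Stand-alone run: show the current state without changing anything.
echo "tcp_syncookies: $(syncookies_state)"
```

With cookies disabled, a full SYN backlog means new connection attempts are dropped until half-open entries time out, which is the trade-off the post describes.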
Quote:
From what I hear, the problem is to do with SYN cookies, which can actually be disabled in Linux boxes without a reboot.
The downside of disabling SYN cookies is you are more liable to 'standard' DDoS attacks, but these types of attacks just generally temporarily hog resources rather than cause the system to fall into a state where a reboot is necessary (excluding older Windows machines of course). You can also likely use network IP filtering to hold out against normal DoS attacks, crude as it may be.
Catch-22 really, if one DoS doesn't get you the other one will :)