Star Sockstress: a New and Effective DoS Attack
Linked by David Adams on Tue 7th Oct 2008 15:20 UTC
Privacy, Security, Encryption "Denial of Service attacks aren’t new, yet they persist in being effective methods of denying access to resources on the Internet. Now meet Sockstress, the newest version of DoS attacks and potentially the most devastating of the bunch."
E-mail Print r 2   7 Comment(s) http://osne.ws/fpn
Order by: Score:
Add Comment Post a Comment

New? No one really knows
by Bill Shooter of Bul on Tue 7th Oct 2008 16:15 UTC
Bill Shooter of Bul
Member since:
2006-07-14

Fydoor was explaining the typical DOS attack. Nothing really new with that. He also explained the different ways to selectively target resources to bring down the machine. I don't think that's particularly new either. As they haven't published details, its difficult to tell what, if anything, makes it distinct.

Reply Bookmark Score: 2

RE: New? No one really knows
by Soulbender on Tue 7th Oct 2008 16:23 UTC in reply to "New? No one really knows"
Soulbender Member since:
2005-08-18

and it's even harder to asses if it's "most devastating of the bunch." without knowing jack about it.
But hey, hype sells.

Reply Bookmark Score: 6

RE: New? No one really knows
by Fahrbot on Wed 8th Oct 2008 07:29 UTC in reply to "New? No one really knows"
Fahrbot Member since:
2008-10-08

It's actually very serious. What makes it new is that it's easy to do and does not take much resources to accomplish the DoS attack. It is basically a way to get around the problem syn cookies was supposed to fix. If you want to learn more about it I suggest listening to episode #164 of Security Now. http://www.grc.com/securitynow.htm

Reply Bookmark Score: 1

RE[2]: New? No one really knows
by Soulbender on Wed 8th Oct 2008 08:00 UTC in reply to "RE: New? No one really knows"
Soulbender Member since:
2005-08-18

Oh yeah, GRC. A truly reliable source for security information. Gibson would never be caught hyping anything (raw sockets will doom the internet!) out of proportion.

Reply Bookmark Score: 2

zombie process Member since:
2005-07-08

Steve is w/o a doubt a kook, but he's also usually correct, even when he drastically overstates things. An unpopular opinion, I'm aware.

Reply Bookmark Score: 2

I bet OpenBSD is immune to it
by obsidian on Wed 8th Oct 2008 09:20 UTC
obsidian
Member since:
2007-05-12

This sounds like such a simply-structured attack that I wouldn't mind betting that OpenBSD took care of this about five years ago.

Given that apparently all that is required to foil it is to block the offending IP address, pf would look at an "attack" like this and say "come on now, gimme something hard to do...." ;)

Reply Bookmark Score: 2

Google for 3wahas
by bert64 on Wed 8th Oct 2008 09:22 UTC
bert64
Member since:
2007-04-23

There was a tool called 3wahas that does exactly this, and was released many years ago, back in the late 90s if i remember.

Reply Bookmark Score: 2

Add Comment Post a Comment