http://www.osnews.com/story/20363/Sockstress_a_New_and_Effective_DoS_Attack Exploring the Future of Computing en-us Copyright 2001-2012, David Adams adam+nospam@osnews.com Wed, 15 Feb 2012 13:05:21 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://www.osnews.com/thread?332820 http://www.osnews.com/thread?332820 Fydoor was explaining the typical DOS attack. Nothing really new with that. He also explained the different ways to selectively target resources to bring down the machine. I don't think that's particularly new either. As they haven't published details, its difficult to tell what, if anything, makes it distinct. Tue, 07 Oct 2008 16:15:00 GMT donotreply@osnews.com (Bill Shooter of Bul) Comments http://www.osnews.com/thread?332822 http://www.osnews.com/thread?332822 and it's even harder to asses if it's "most devastating of the bunch." without knowing jack about it.
But hey, hype sells. Tue, 07 Oct 2008 16:23:00 GMT donotreply@osnews.com (Soulbender) Comments http://www.osnews.com/thread?332904 http://www.osnews.com/thread?332904 It's actually very serious. What makes it new is that it's easy to do and does not take much resources to accomplish the DoS attack. It is basically a way to get around the problem syn cookies was supposed to fix. If you want to learn more about it I suggest listening to episode #164 of Security Now. http://www.grc.com/securitynow.htm Wed, 08 Oct 2008 07:29:00 GMT donotreply@osnews.com (Fahrbot) Comments http://www.osnews.com/thread?332906 http://www.osnews.com/thread?332906 Oh yeah, GRC. A truly reliable source for security information. Gibson would never be caught hyping anything (raw sockets will doom the internet!) out of proportion. Wed, 08 Oct 2008 08:00:00 GMT donotreply@osnews.com (Soulbender) Comments http://www.osnews.com/thread?332910 http://www.osnews.com/thread?332910 This sounds like such a simply-structured attack that I wouldn't mind betting that OpenBSD took care of this about five years ago.

Given that apparently all that is required to foil it is to block the offending IP address, pf would look at an "attack" like this and say "come on now, gimme something hard to do...." Wed, 08 Oct 2008 09:20:00 GMT donotreply@osnews.com (obsidian) Comments http://www.osnews.com/thread?332911 http://www.osnews.com/thread?332911 There was a tool called 3wahas that does exactly this, and was released many years ago, back in the late 90s if i remember. Wed, 08 Oct 2008 09:22:00 GMT donotreply@osnews.com (bert64) Comments http://www.osnews.com/thread?332919 http://www.osnews.com/thread?332919 Steve is w/o a doubt a kook, but he's also usually correct, even when he drastically overstates things. An unpopular opinion, I'm aware. Wed, 08 Oct 2008 12:41:00 GMT donotreply@osnews.com (zombie process) Comments