The Sky is Falling...Again
October 01, 2008 | POSTED BY BRETT EDGAR IN GIVE ME MORE INTERNETS!, SECURITY
The Internet security community is abuzz with rumors of an attack against the TCP protocol that can DoS almost (if not all) machines. The attack is against the TCP state machine. Details are very sketchy, but the rumors suggest that an extremely low-bandwidth attack could effectively kill a machine to the point that it must be rebooted to once again be effective at communicating on the network.
Adding to the hype is the claim that almost all machines running TCP can be attacked, regardless of the vendor. Windows, Linux, Mac, Solaris, all manner of embedded devices, etc., are all supposedly vulnerable.
It seems like a "vulnerability" like this (that is, one that will completely cripple the Internet) is announced once a year. A few details
[t2.fi] are released to the media that make the vulnerability sound really scary in an effort to hype the conference where the full details are going to be discussed (which, in this case, is "T2 '08" in Helsinki, Finland).
Call me a skeptic, but these usually turn out to be false. The sallacious details released to the media are mere propaganda items to increase interest. This particular vulnerability will probably turn out to be a non-issue except on your local network, which should be a (relatively) trustworthy area, anyway.
To sum it up: don't go jumping out of a window yet.