Sockstress
Lukasz Jaroszewski
sigtrm at gmail.com
Thu Oct 9 12:29:43 UTC 2008
Hi,
I am wondering about sockstres informations recently published. I cant
really figure what new they could found. Do we have anything to worry about?
;-)
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html
``(...)Sockstress computes and stores so-called client-side SYN cookies and
enables Lee and Louis to specify a destination port and IP address. The
method allows them to complete the TCP handshake without having to store any
values, which takes time and resources. "We can then say that we want to
establish X number of TCP connections on that address and that we want to
use this attack type, and it does it," Lee said.(...)''
``(...)Lee said that when and _if_ specific vendors develop workarounds for
the issues, they will release details of those issues.(...)''
Was FreeBSD team contacted? ;)
--
Regards/Pozdrawiam
LVJ
--------------------------------------------------------------------------------------------------
They must find it difficult, those that take authority as truth, instead of
truth as the authority
More information about the freebsd-hackers
mailing list