Researcher's Death Hampers TCP Flaw Fix
linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software, was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."
Original /. story (Score:3, Informative)
New Denial-of-Service Attack Is a Killer [slashdot.org] (01 October 2008)
Re:Robert E. Lee (Score:2, Informative)
I knew Jack pretty well; this flaw is legit. Robert E. Lee (aka jrl) was in fact his partner, but in many people's opinions, he rode Jack's successes.
This story is really very sad. Jack's passing was something that happened in the middle of the night with no warning; he was in the prime of his life and a VERY bright guy.
Robert E Lee is a real name by the way.
Here's the guy... (Score:5, Informative)
Well, everyone's having a good laugh at the expense of the death of this guy. May as well laugh at a picture of him. [unicornscan.org]
Naptha all over again (Score:4, Informative)
This problem was demonstrated in 2000, with the NAPTHA software and its demonstration that the problem is not academic. Yes, before NAPTHA, there was some software that could demonstrate the issue, but this software had issues itself (written in Perl, kept state) which limited its effectiveness. SockStress is just NAPTHA revisited.
I have a fix for this problem, but there's not enough room in the margin to describe it.
Re:Naptha all over again (Score:3, Informative)
Can you guarantee that the fix will be rolled out to everyone at the same time?
The fix has already been rolled out long ago.
Do you know what the fix is? Source address level filtering [www.cert.fi]. It's that simple.
This attack is less of a threat than SYN flooding attacks, because the attacker's address can't be spoofed. More information from Fyodor [insecure.org].