Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security The Internet

Researcher's Death Hampers TCP Flaw Fix 147

linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."
This discussion has been archived. No new comments can be posted.

Researcher's Death Hampers TCP Flaw Fix

Comments Filter:
  • by nurb432 ( 527695 ) on Wednesday April 08, 2009 @04:04PM (#27509575) Homepage Journal

    Or was he silenced?

  • Is there anything Robert E. Lee CAN'T do?
    • Re:Geez (Score:5, Funny)

      by PotatoFarmer ( 1250696 ) on Wednesday April 08, 2009 @04:08PM (#27509643)
      Win the civil war?

      Sincerely,
      a smug Yankee.
      • But... (Score:5, Funny)

        by Roger W Moore ( 538166 ) on Wednesday April 08, 2009 @04:30PM (#27509947) Journal
        I thought you Americans did win that one?
        • Talk to a lot of people in rural Georgia and Alabama and such, and though they're Americans they'll still tell you they lost the war.
          • by Tomy ( 34647 )

            But they don't call it the Civil War, rather "The War of Northern Aggression," which apparently was fought for "States Rights."

            • they didn't loose, they are just bideng their time till they can rise up again!
            • T-shirt idea:

              "Rebel Condoms - Because the South shall rise again." printed around a condom package with a rebel flag on it.

        • Re: (Score:3, Funny)

          by Maestro485 ( 1166937 )
          Dear guys, Words can not express how much I hate you guys. As we fight our way northward into the great unknown, only that one thing remains certain: that I hate you guys with every tired muscle in my Confederate body. We have taken Topeka and now I must rally the men onward to Missoura, because I will not stop until we have won it all and you guys are my slaves. Because, I hate you guys, I hate you guys so very very much. Yours, General Cartman Lee
    • Don't get killed in a fire?
  • by Hoi Polloi ( 522990 ) on Wednesday April 08, 2009 @04:07PM (#27509641) Journal

    Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee.

    Clearly this was the result of a conspiracy by veterans of the civil war. I hope the other researchers, Grant and Lincoln, hear about this.

    • Dare you impugn the honor of Robert E. Lee, good sir? He may be our enemy, but that doesn't mean he's not a gentleman!
  • Robert E. Lee (Score:5, Insightful)

    by verbalcontract ( 909922 ) on Wednesday April 08, 2009 @04:08PM (#27509645)

    Was it necessary to refer to his colleague as Robert E. Lee? Now we're going to get a ton of "South will rise again" jokes.

    • Assuming this is accurate, the guy could go by Bob Lee or even Robert Lee. The only reason to add the E is for attention.
      • Which is what sockstress has been about since the beginning. With attacks known for years (go check out netkill.pl or read a couple chapters Fyodor wrote for the stealing the network books) being readily available, these guys came out with an "OMG TEH INT@RWEBZ BE D!3ING!" causing a mass of media hype - claiming they would release more details later and generally be good about it.

        But we've heard nothing of them since it happened (except for a few "coming soon" posts in the week or two afterwards), and now
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I knew jack pretty well, this flaw is legit. Robert E. Lee (aka jrl) was in fact his partner, but in many people's opinions, he rode jack's successes.

      This story is really very sad, jacks passing was something that happened in the middle of the night with no warning, he was in the prime of his life and a VERY bright guy.

      Robert E Lee is a real name by the way.

    • by geekoid ( 135745 )

      AS if saying "The South will rise again." isn't a big enough joke.

    • Now we're going to get a ton of "South will rise again" jokes.

      I hope they do rise again. This time we'll let them go.

      -- Another Smug Yankee

    • Robert E. Lee? Now we're going to get a ton of "South will rise again" jokes.

      Sir, this is Slashdot. The only way you'll get any rise in the south is with hot grits.

  • by mrbene ( 1380531 ) on Wednesday April 08, 2009 @04:08PM (#27509649)
    Less than a week ago is was Rick752 [slashdot.org]. Now this one. Definitely reinforces the importance of collaboration, and the fragile nature of ideas.
  • Original /. story (Score:3, Informative)

    by stevied ( 169 ) * on Wednesday April 08, 2009 @04:10PM (#27509683)

    New Denial-of-Service Attack Is a Killer [slashdot.org] (01 October 2008)

    • Still waiting for it to kill something ...

      • Still waiting for it to kill something ...

        The one person who was going to fix the flaw was killed under mysterious circumstances. COINCIDENCE? I THINK NOT!! :P

  • ... so I guess this guy passing away shouldn't make us too worried.
  • by Anonymous Coward

    Suspect is a guy name Brutus, last seen wearing a plain white bedsheet.

  • It's not a joke when you tell someone to DIAF on the Internet. What if someone told him that before he died? Think of how guilty they'd feel now!

  • What the fuck (Score:5, Insightful)

    by Godji ( 957148 ) on Wednesday April 08, 2009 @04:27PM (#27509909) Homepage
    So a good scientist dies and all Slashdotters can do is attempt whoring out a +5 Funny with lame jokes?

    My high regard for the Slashdot community is obviously misguided.

    It's a great loss for the research community and my condolences go to his family. And really, that's a nasty way to go... :(
    • by momerath2003 ( 606823 ) * on Wednesday April 08, 2009 @04:31PM (#27509959) Journal

      High regard for the Slashdot community? Wow, dude, you seriously are misguided.

      • Re: (Score:2, Insightful)

        by summner ( 735993 )
        I believe something has happened to the slashdot community in recent times. It seems as if it became polluted or diluted, with people thinking of themselves as geeks or nerds or whatever, but being neither.
        I see history repeat it self as it happened with Digg, the only difference - Digg started from level which slashdot is currently at.
        I think it might be a good time for me too look for new web 2.0 news source which has for instance some kind of IQ level discrimination. Or drop this unproductive habit of
        • PS/2? That machine sucked!

        • by celle ( 906675 )

          "I see history repeat it self as it happened with Digg, "

          Digg wasn't the first time either. Long ago, there was usenet, then the endless summer when the idiots showed up. Slashdot reached the endless summer long ago, and now it's just getting stupider.

          • It wasn't endless summer, it was eternal September. As in the month when students got their first computer and decided to let the Internet know that they knew nothing.

        • by sowth ( 748135 )

          I think a lot of the unfunny jokes and trolls and "first posts" are from actual children, and perhaps some mentally ill adults in the mix. Seriously who else would think some of the crap they write is funny or even worth the effort to write. It looks like the Internet has replaced the TV as the "universal babysitter." All of the "think of the children" idiots say we should censor the Internet, but really we should keep the children off the Internet. It wasn't built for them.

          If I ever get my forum going, I

        • I think it might be a good time for me too look for new web 2.0 news source which has for instance some kind of IQ level discrimination.

          Web 2.0? With IQ? Sorry, lost cause.

        • ycombinator [ycombinator.com]
    • Go for a !funny tag? or... peoplearejerkfaces
    • Comment whoring for +1 funny mods is like pimping out your girlfriend for monopoly money.

    • Re: (Score:2, Interesting)

      The upside to this (if there is to be one) is that most people can die in their sleep in a fire. Smoke inhalation can kill you without you waking up. Let's all hope he never awoke.

      On the utter downside, we all seem to be losing bright minds. We lost Hans Reiser [wired.com], Rick752 [slashdot.org], PCLinuxOS lost N1PTT (Robert Green) [pclinuxos.com] just to name a few more.

      It just goes to show you how fragile life really is. Some chose to celebrate it with us other geeks and share some code and what not. I thank you all that do!

      Shitty year
    • Re:What the fuck (Score:4, Insightful)

      by Tridus ( 79566 ) on Wednesday April 08, 2009 @04:55PM (#27510337) Homepage

      People react in different ways to news like this. There's nothing wrong with making jokes, especially since a lot of us had no idea who he was.

      200 posts of "my condolonces" doesn't make for interesting reading.

    • Re: (Score:3, Insightful)

      by ivoras ( 455934 )
      If statistic's having anything to say, he would probably, as a geek, rather be remembered for the "Great Ides Of March Slashdot Postfest" than for a bunch of eulogies and condolences from unknown people.
    • What's sad is the fact that +1 funny has no effect on karma at all.

      • Shit, that came out wrong. I meant to say that it's sad that people whore for karma that they won't even get, and do so regarding something so serious. I agree with the (now) GP, really a shame.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      What, like RST in peace?

    • So a good scientist dies and all Slashdotters can do is attempt whoring out a +5 Funny with lame jokes?

      Technically, you can't call it whoring. Sleeping around, maybe.
      Because getting Moderated Funny doesn't increase your Karma.

      From the FAQ [slashdot.org]
      Note that being moderated Funny doesn't help your karma. You have to be smart, not just a smart-ass

    • Did yelling at other people make you feel like a better person?

    • Hi, I prefer only Insightful, Informative, and Interesting comments. Could you help me in setting a filter for this comments in http://slashdot.org/my/comments [slashdot.org]
    • There is over a million people, cowards and bots here, do you really believe that they are a community?

  • Here's the guy... (Score:5, Informative)

    by tjstork ( 137384 ) <todd.bandrowskyNO@SPAMgmail.com> on Wednesday April 08, 2009 @04:36PM (#27510041) Homepage Journal

    Well, everyone's having a good laugh at the expense of the death of this guy. May as well laugh at a picture of him. [unicornscan.org]

  • by drwho ( 4190 ) on Wednesday April 08, 2009 @04:38PM (#27510083) Homepage Journal

    This problem was demonstrated in 2000, with the NAPTHA software and its demonstration that the problem is not academic. Yes, before NAPTHA, there was some software that could demonstrate the issue but this software had issues itself (written in perl, kept state) which limited its effectiveness. SockStress is just NAPTHA revisited.

    I have a fix for this problem, but there's not enough room in the margin to describe it.

    • Can you guarantee that the fix will be rolled out to everyone at the same time?

      Because this just seems like it's going to cause chaos once it is reverse engineered.
      See: Conficker [wikipedia.org] which is attacking the estimated 30% of unpatched Windows PCs

      At some point, something epic is going to happen and we'll end up with:
      A. OSes take away your control over updates, or
      B. ISPs take away your access unless you are updated

      Then again, there's also the remote possibility that windows/linux will become resistant to remote and

      • Re: (Score:3, Informative)

        by pyrrhonist ( 701154 )

        Can you guarantee that the fix will be rolled out to everyone at the same time?

        The fix has already been rolled out long ago.

        Do you know what the fix is? Source address level filtering [www.cert.fi]. It's that simple.

        This attack is less of a threat than SYN flooding attacks, because the attacker's address can't be spoofed. More information from Fyodor [insecure.org].

        • Re: (Score:3, Insightful)

          by drwho ( 4190 )

          Source address level filtering does provide some level of protection against a SYN flood. The problem is, it is not universally implemented. Another problem is someone who doesn't care to hide their address. If you are doing more than a SYN flood, but more advanced TCP hijinx, you need to use your read IP address anyhow. So, it's not much of a fix. Neither is the recommendations which came out back in 2000, which was to increase the resource limits that the operating system imposed upon the IP stack. I coul

          • Re: (Score:3, Interesting)

            by pyrrhonist ( 701154 )

            Source address level filtering does provide some level of protection against a SYN flood.

            My point was that this attack has to use a valid IP, because it needs to create a connection. It is therefore easier to block than a SYN flood, which could spoof any address or groups of addresses.

            The problem is, it is not universally implemented.

            That's news to me. Which commercial firewall hardware does not have this ability?

            Another problem is someone who doesn't care to hide their address. If you are doing more than a SYN flood, but more advanced TCP hijinx, you need to use your read IP address anyhow. So, it's not much of a fix.

            That's exactly what this attack entails. The attacker has to use their real address with this, so it's easier to block them at the firewall. You might have a problem with your bandwidth, but you'd have that same exact problem rega

      • by drwho ( 4190 ) on Wednesday April 08, 2009 @07:56PM (#27512403) Homepage Journal

        My fix is on the server side. It does not require changes in the stack code of clients who would connect to it. Reverse-engineering it would gain the attackers nothing. An all-or-nothing fix would not be much of a fix. Neither would one which was successful based upon its obscurity.

        I am not telling you what it is because I am hoping that Microsoft will pay me some money to give them access to it. Apple as well (and Sun if they're still around). Once these are secured, I will open the invention to the FOSOSs. (Free Open Source Operating Systems). Call me greedy if you want, but I am tired of researching security and not getting paid for my hard work. That's why you haven't seen me by this handle or my real name posting security advisories for some time.

  • by Reason58 ( 775044 ) on Wednesday April 08, 2009 @04:41PM (#27510105)

    You would think someone like that would have a firewall.

  • It's a shame he had to die that way, burning to death must be horrible. I can also understand why there's going to be such a delay in fixing the TCP/IP issue: nobody ever plans for a developer being caught in a fire. Now, if he'd only managed to get hit by a bus, everything would have been OK, because everybody plans for that.
    • Re: (Score:3, Insightful)

      by Dreadneck ( 982170 )

      I would imagine any death where you're aware that you're dying (i.e. not dying in your sleep or getting shot in the back of the head) is horrible.

      Honestly, what would you prefer? Being eaten alive? Drowning? Cancer? Airplane crash? Being hit by a car? Being stabbed? etc.

      Death sucks regardless of the circumstance, imho.

    • by JustOK ( 667959 )

      but if, and only if, he was wearing clean underwear.

    • The article says that he died of smoke inhalation. I'm sure that isn't fun, but it is not nearly as painful as burning to death. Fortunately, many fire victims actually die of smoke inhalation/lack of oxygen rather than from burns.

    • by jthill ( 303417 )

      there's going to be such a delay in fixing the TCP/IP issue

      Yeah, the real nasty part is it isn't a TCP issue really.

      Forcing anomalies in session behavior causes the receiving system to dedicate resources to recovery tracking, and in host systems built by the insufficiently professional those resources are limited, provisioned to handle ~plausible~ loads.

      These guys say they got Windows to bork itself so hard a reboot wouldn't fix it. Different OS's are apparently vulnerable to different attacks — Windows, Linux and OS X all have different vulnerability sets

  • ...just use connlimit. There are some slight flaws in it but there is certainly no need to allow someone to open a thousand connections.
  • The current quote at the bottom of this /. page seems a bit in bad taste. Maybe the /. software has not only become sentient, but become an arse-hole too:

    If all else fails, immortality can always be assured by spectacular error. -- John Kenneth Galbraith

  • Why is it that every description of this problem that I've read so far does not present a problem.
    The sockstresss.com itself provides a horrible description of it in the front page. All it appears to do is open up multiple tcp sockets.

    Apparently the source IPs are not spoofed, thus the syn cookies are not at play, so how can it not hit a max connections per source IP? Any tcp service worth didley must use that in some form or the other.

    If someone has some (f)actual information about this, please, provide a

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...