From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Fri Oct 03 2008 - 00:26:40 ART
OS X!?
LOL
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ahmed Elhoussiny
Sent: Thursday, October 02, 2008 8:59 PM
To: Cisco certification
Subject: TCP/IP security breach
Hello Guys , does any one heared about this ?
If yes , any one know what is that traffic flow pattern .... lol
Researchers at Finnish security firm Outpost 24 claim to have discovered a
flaw in the Internet Protocol that can disrupt any computer or server.
After keeping the flaw quiet for years, the researchers hope that going
public will help accelerate the creation of a solution.
The flaw allows attackers to cripple computers and servers by sending a few
specially formed TCP/IP packets. The result can be compared to a denial of
service attack, in which networks are flooded with traffic. But in the case
of the newly revealed flaw, only a minimum of traffic is required. "We're
talking 10 packets per second to take down one service," Jack Lewis, a
senior researcher with Outpost24.
Researchers at Fox-IT, a Dutch security firm, confirm the issue. "Based on
the available information, this vulnerability may be a serious problem for
system availability," observed Erwin Paternotte, a researcher with Fox-IT.
"If the technical details are publicly disclosed, performing a
denial-of-service attack will become relatively trivial."
The problem surfaced during a test scan of 67 million Internet hosts. The
researchers were alerted when a test caused some hosts to become
unresponsive. Further investigation led to an issue in the TCP/IP stack.
After a connection is successfully made, important system resources are at
the attacker's disposal.
Each operating system is affected by the flaw, although different systems
respond in different ways. "Each operating system does behave differently,
of course. You might notice with OS X that a couple attacks that don't seem
to bother too much completely devastate Windows XP and the other way
around," said Lewis.
The researchers have crafted proof-of-concept code that demonstrates the
issues. They claim that they hadn't seen a single implementation of TCP/IP
that wasn't vulnerable. Systems remain unresponsive after an attack. "After
the attack is over, the system never seems to recover until it is rebooted,"
said Robert Lee, Outpost24's chief security officer.
Firewalls or intrusion prevention systems are unable to mitigate the flaw,
because they too support TCP/IP and are therefore a potential attack target.
The researchers so far have conceived five different attack scenarios, but
they argue that as many as 30 would be feasible. "You basically have to sit
there and stare through code and figure out what stages you can get to,"
Lewis said.
The researchers are publicising their finding after keeping quiet for three
years, although they don't plan to fully disclose all the flaw's details.
"We hope we can raise awareness and get more people that are smarter than us
involved in looking for a solution," Lee said. Just because we can't think
of a solution doesn't mean there isn't one, just that we haven't thought of
it yet."
But there is another reason. Lee and Lewis see the migration toward IPv6 as
a risk that could aggravate the situation. IPv6 "only makes the issue
bigger, because the address space is bigger," Lee said.
The Finnish CERT is coordinating research into the security issue and
education to software vendors affected by the flaw.
http://www.techworld.com/security/news/index.cfm?newsID=105086&pagtype=samec
han
*Thanks & B.Regards
Ahmed Elhoussiny, CCIE # 21988 (R&S)
Network Eng. & Cisco Academy Instructor
*CCNP-CCDP-CCIP
Cisco Express Foundation Design Specialist ( FOUNDSE 642-371 & LCSE 646-392
)
Cisco IOS Security Specialist ( SNRS 642-503 & SND 642-552 )
Cisco Certified Academy Instructor ( CCAI )
*'I can accept failure. Everyone fails at something.,But I can't accept not
trying'
' Every class i teach , i learn something new myself '*
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST