Newly discovered vulnerabilities in TCP could take down data centers

Vendors are scrambling to rectify a bag of nasty vulnerabilities in TCP that appear to have the potential to cause an Internet meltdown. Discovered by Robert Lee and Jack Louis from security vendor Outpost 24, the flaws allow a denial of service (DOS) attack that can be launched to cripple servers running various operating systems, as well as firewalls. Aside from the fact that very little bandwidth (and only a few seconds) is required for a successful attack, it is scary to think that affected systems could well remain disabled even after the cessation of an attack run. Taken together, it certainly is well within the realm of plausibility to take down an entire data center from a single terminal.

Everything started off when Louis noticed some anomalous situations in which machines would stop responding in some very specific circumstances when scanned. Further experimentation and research yielded a tool called "sockstress," which does the dirty work mentioned above. Elaborating, Lee noted that the vulnerability stems from "at least five", and perhaps as many as 30 different problems, which logically means short-term solutions or temporary mitigations are unlikely.

What really caught my attention here was that even IPv6 services are not spared, since they still sit on top of the vulnerable TCP stack. Indeed, they are more affected due to the fact that they require more resources to run.

Folks, it has been almost a quarter of a century since TCP/IP saw widespread use as a required protocol of ARPANET in 1983. If the extent of the potential damage only just discovered is even partially accurate, this incident will only serve to confirm that security is a journey, not a destination. - Paul