SCADApedia

TCP DoS, bang or whimper?

There has been a lot of buzz lately about the Denial of Service vulnerability that a Swedish security firm, Outpost24, has discovered. Right now the details are limited, as the researchers aren’t going to release them until they present at the T2 conference in Helsinki later this month. This is similar to the way the DNS issue was handled earlier this summer by Dan Kaminsky. And since security researchers tend to be a curious sort, there has been rabid speculation about what the problem really is.

Some very smart people have weighed in with their thoughts, including Fyodor (of nmap fame) and Graham, and Kaminsky has a great post on the meta issue of partial disclosure. From what I can tell this will be just a minor blip for most people. Those with services large enough to be worth DoS’ing run largely distributed systems and won’t be affected any differently than by a flood from a botnet; the attack is simply a more efficient way of producing the same effect. In fact it should be easier to mitigate, since this type of attack does not allow for spoofed connections: the attacker has to complete a real handshake, so the source addresses are genuine.

But this may shape up to be one of those issues that affect control systems more than the average system. We’ve already seen that excessive network traffic can cause major problems for these devices. With this form of attack the same problems could be triggered by a very limited number of packets from a single compromised system, and given the lack of monitoring tools in many of those networks, that could make the cause extremely hard to track down and make for a very rough day for operators.

Since the full scope of the vulnerability isn’t public yet, probably not much more than the usual advice can be offered: separated networks, ACLs, and monitoring are very good defenses if deployed properly. We’ll keep following this, as I’m sure many of you will; problems in underlying protocols like TCP don’t come around every day.
