DoS through TCP sequence number vulnerability
April 15th, 2005
1 comment
SecurityFocus is reporting that multiple vendors are affected by a newly found design flaw in common TCP implementations. The flaw allows remote attackers to effectively end a TCP session by sending an RST or SYN packet with an approximated TCP sequence number and a forged source IP address. This would reset the TCP connection and effectively cause a denial of service attack. Microsoft is one of a long list of vendors on the affected list so you can bet the eggheads at SlashNot are going to highlight their name among them all.
These postings are provided "AS IS" with no warranties, and confers no rights. The content of this site are my own personal opinions and do not represent my employer's view in anyway. In addition, my thoughts and opinions often change, and as a weblog is intended to provide a semi-permanent point in time snapshot you should not consider out of date posts to reflect my current thoughts and opinions.
