Tag Archives: Dos

DoS through TCP sequence number vulnerability

SecurityFocus is reporting that multiple vendors are affected by a newly found design flaw in common TCP implementations.  The flaw allows remote attackers to effectively end a TCP session by sending an RST or SYN packet with an approximated TCP sequence number and a forged source IP address.  This would reset the TCP connection and effectively cause a denial of service attack.  Microsoft is one of a long list of vendors on the affected list so you can bet the eggheads at SlashNot are going to highlight their name among them all.