from

As shown in this blog posting, two Swedish security researchers at Outpost24, Jack C. Louis and Robert E. Lee, were recently interviewed by Brenno de Winter for the De Beveiligingsupdate site about their proof-of-concept “SockStress” tool which evolved from their development and use of their open source Unicorn Scan network scanning tool.

“SockStress” (not publicly released) reportedly uses several new techniques to create a low-bandwidth (as low as ten packets per second) local resource depletion attack resulting in denial of service (DoS) by TCP servers (www, ftp, smtp, pop, etc.) running Windows, Linux, BSD, undisclosed routers, and other Internet appliances.

Although the researchers plan to demonstrate their techniques on October 17th, at the end of the second day of the forthcoming T2′08 conference in Helsinki, Finland, their 44 minute interview on September 30th, 2008 for the De Beveiligingsupdate site (see original and edited audio links below) provided far too much detail — enough so that any informed packetsmith who understands the TCP protocol would be able to easily recreate their attacks.

As a consequence, they effectively “went public” with their discovery of these vulnerabilities after informing other vendors only a few weeks beforehand (see rough time line below).

  • Outpost24’s Press Release
    Dated October 2nd, 2008, this is Outpost24’s official web site press/news release.
  • Robert E. Lee’s Blog
    Robert is keeping his blog current as events unfold. Therefore, this would be a useful place for keeping an eye on this developing saga.