Abeon Tech

A serious TCP/IP Vulnerability known as “SockStress” has been found, exploited, and information released by a Security group called Outpost24.

This latest vulnerability not only has severe implications for many web masters, designers and programmers, but also affects routing servers and any system with TCP stack processes exposed to the outside world.

After the latest DNS poisoning vulnerability, webmasters seem on edge about how insecure the very foundations of the internet are (mainly due to being created before security was even thought of).

Sockstress is the name of the tool created by Outpost24, which they are still testing before releasing it. They have, however, walked through how the attack could be achieved in great detail. Some security experts have showed concern over how they handled the information released.

The sockstress attack seems to be limited to the TCP stack, but mixes several techniques to allow a very low-bandwidth hacker to deplete local resources (memory, swap file and even kernel file abuse). Just a few packets a second and a little amount of time are needed to take down a server. As little as nine packets and a few minutes are all that is suggested to be needed!

More »