October 8, 2008

Denial of Service - Sockstress

Sockstress is a new type of denial of service developed by Jack C. Louis. According to Nmap creator Fyodor, the attacker sends a TCP SYN packet to a targeted port, after first making sure that a firewall protects his own machine so that it does not interfere with the attack. The firewall is needed to stop the attacker’s operating system from resetting the unexpected SYN/ACK packet that comes back (the second step of the TCP three-way handshake). The SYN/ACK is unexpected because the SYN was sent as a raw packet from userland rather than through the operating system’s API, so the operating system has no record of the connection. According to Fyodor, the attacker’s userland program then replies to each such packet with another raw packet, which is the acknowledgment (ACK) packet.

Robert Lee partially denied this explanation as being the overall “methodology”, but has refused to comment further on it. From what has been said so far, no current fix or system is known to be able to prevent Sockstress from taking down a server’s TCP stack.

(For further information: http://blog.robertlee.name/2008/09/sockstress-podcast-interview.html)