New Denial-of-Service Attack Is a Killer

ancientribe writes "Hacker RSnake blogs about a newly discovered and deadly denial-of-service attack that could well be the next big threat to the Internet as a whole. It goes after a broadband Internet connection and KOs machines on the other end such that they stay offline even after the attack is over. It spans various systems, too: the pair of Swedish researchers who found it have already contacted firewall, operating system, and Web-enabled device vendors whose products are vulnerable to this attack." Listen to the interview (MP3) — English starts a few minutes in — and you might find yourself convinced that we have a problem. The researchers claim that they have been able to take down every system with a TCP/IP stack that they have attempted; and they know of no fix or workaround.

I cant believe this is the first comment,

[Aliks]

Some DOS attack on Slashdot in progress?

Re:I cant believe this is the first comment,

[neokushan]

Yeah, some stupid user deltree'd the whole site!

Re:I cant believe this is the first comment,

[mcgrew]

No, it's my fault. I linked to slashdot from slashdot, slashdotting slashdot. So slashdot's slashdotted.

Sorry.

Re:I cant believe this is the first comment,

[neokushan]

AHAHAHAHAHA! You left your system open to hacking! HAHAHAHA! Look at all this animal porn you have! HAHAHA I'm deleting your OS's Kernel right n

Pfffft

[MyLongNickName]

Doesn't affect me. I haven't used DOS in YEARS. Some folks need to move up to Windows 3.1. That is where it is at.

Re:Pfffft

[eserteric]

Uhh, you know that's still based on DOS right? You should update to Windows 95 like me to be safe.

Re:Pfffft

[Remloc]

Nope, NT 3.1 circa '93. We were an early adopter on a currently top of the line Pentium (1)--50 MHz, I believe. Thing would BSOD if you more than looked at it funny.

Re:Go for it, take on my machine!

[BenoitRen]

Thief! That's MY address!

Nah

[Twinbee]

Ignore the story, there's very little chance that a single virus can take down all systems, especially if the user is not running Windows.

I for instance have multiple rock solid software and hardware firewalls, and most ports blocked - I'd like to see it try taking dow

pff

[amnezick]

Typical /. reaction to potential danger:

"Hah. Until I don't taste nuclear winter snow I don't believe that's gonna happen'"

Give the man his nuke. He earned it.

Re:fearmongering

[Cro+Magnon]

(this having to wait 5 minutes between posts is a pain in the ass. Anyone else stuck with this restriction?)

My sig answers your question. :)

I'm safe

[goddidit]

This doesn't me since use I UDP all communications communications for.

Re:DON'T PANIC!

[Tanktalus]

Apparently, I should panic:

# cat /proc/sys/net/ipv4/tcp_syncookies
cat: /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
# echo 0 > /proc/sys/net/ipv4/tcp_syncookies
bash: /proc/sys/net/ipv4/tcp_syncookies: No such file or directory

I CAN'T TURN IT OFF!

(Manually-built kernels FTW!:

$ gunzip -c /proc/config.gz | grep -i syn.*cook
# CONFIG_SYN_COOKIES is not set

)

WOOT! Narrowband (tm) rules!

[doc_doofus]

It goes after a broadband Internet connection

Ha, ha, laugh at my dial-up connection now!

Re:DON'T PANIC!

[shrikel]

Oh no, me too!!

C:\Documents and Settings\Adam>cat /proc/sys/net/ipv4/tcp_syncookies
'cat' is not recognized as an internal or external command, operable program or batch file.