Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher's Death Hampers TCP Flaw Fix

Posted by timothy on from the sad-news-and-bad-news dept.

linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."

2 of 147 comments (clear)

  1. Here's the guy... by tjstork · · Score: 5, Informative

    Well, everyone's having a good laugh at the expense of the death of this guy. May as well laugh at a picture of him.

    --
    This is my sig.
  2. Naptha all over again by drwho · · Score: 3, Informative

    This problem was demonstrated in 2000, with the NAPTHA software and its demonstration that the problem is not academic. Yes, before NAPTHA, there was some software that could demonstrate the issue but this software had issues itself (written in perl, kept state) which limited its effectiveness. SockStress is just NAPTHA revisited.

    I have a fix for this problem, but there's not enough room in the margin to describe it.