Slashdot Mirror


Researcher's Death Hampers TCP Flaw Fix

linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software, was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."


  1. Accidental Death? by nurb432 · · Score: 3, Funny

    Or was he silenced?

    --
    ---- Booth was a patriot ----
  2. I blame the CSA by Hoi+Polloi · · Score: 4, Funny

    Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee.

    Clearly this was the result of a conspiracy by veterans of the civil war. I hope the other researchers, Grant and Lincoln, hear about this.

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  3. Re:Geez by PotatoFarmer · · Score: 4, Funny

    Win the civil war?

    Sincerely,
    a smug Yankee.

  4. Robert E. Lee by verbalcontract · · Score: 5, Insightful

    Was it necessary to refer to his colleague as Robert E. Lee? Now we're going to get a ton of "South will rise again" jokes.

    1. Re:Robert E. Lee by Anonymous Coward · · Score: 2, Informative

      I knew Jack pretty well, this flaw is legit. Robert E. Lee (aka jrl) was in fact his partner, but in many people's opinions, he rode Jack's successes.

      This story is really very sad, Jack's passing was something that happened in the middle of the night with no warning, he was in the prime of his life and a VERY bright guy.

      Robert E Lee is a real name by the way.

  5. Dang low bus factors! by mrbene · · Score: 5, Interesting

    Less than a week ago it was Rick752. Now this one. Definitely reinforces the importance of collaboration, and the fragile nature of ideas.

  6. Re:Come on... by Sir_Lewk · · Score: 3, Insightful

    Screw off you insensitive clod.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  7. Original /. story by stevied · · Score: 2, Informative
  8. Beware the Ides of March! by Anonymous Coward · · Score: 2, Funny

    Suspect is a guy named Brutus, last seen wearing a plain white bedsheet.

  9. Re:Brutus set the fire by Red+Flayer · · Score: 2, Funny

    He should have bewared the Ides of March.

    Idiot. The correct grammar is:

    He should have beworn the Ides of March.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  10. What the fuck by Godji · · Score: 5, Insightful

    So a good scientist dies and all Slashdotters can do is attempt whoring out a +5 Funny with lame jokes?

    My high regard for the Slashdot community is obviously misguided.

    It's a great loss for the research community and my condolences go to his family. And really, that's a nasty way to go... :(

    1. Re:What the fuck by momerath2003 · · Score: 5, Funny

      High regard for the Slashdot community? Wow, dude, you seriously are misguided.

      --
      I had but a simple dream, to destroy all humans.
    2. Re:What the fuck by Haley's+Comet · · Score: 2, Interesting

      The upside to this (if there is to be one) is that most people can die in their sleep in a fire. Smoke inhalation can kill you without you waking up. Let's all hope he never awoke.

      On the utter downside, we all seem to be losing bright minds. We lost Hans Reiser, Rick752, PCLinuxOS lost N1PTT (Robert Green) just to name a few more.

      It just goes to show you how fragile life really is. Some chose to celebrate it with us other geeks and share some code and what not. I thank you all that do!

      Shitty year for us all I guess?

      --
      The Illuminati would kill me, but I'm not rich enough to take notice of.
    3. Re:What the fuck by Tridus · · Score: 3, Insightful

      People react in different ways to news like this. There's nothing wrong with making jokes, especially since a lot of us had no idea who he was.

      200 posts of "my condolences" doesn't make for interesting reading.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    4. Re:What the fuck by eln · · Score: 4, Funny

      But it worked for Jesus!

      Actually, Jesus came back from the dead for the sole purpose of taking his revenge out on all those lamoids who kept shouting out "Hey Jesus, how's it hangin'?" while he was up there on the cross. He spent most of his time between the resurrection and his final ascension into Heaven giving out wedgies and telling people to "stop hitting themselves".

      Of course, much of that has been lost in the various translations of the Gospels.

    5. Re:What the fuck by ivoras · · Score: 2, Insightful

      If statistics have anything to say, he would probably, as a geek, rather be remembered for the "Great Ides Of March Slashdot Postfest" than for a bunch of eulogies and condolences from unknown people.

      --
      -- Sig down
    6. Re:What the fuck by maxume · · Score: 5, Insightful

      150,000 strangers died today. Picking 5 of them and feeling bad about it is awful damn close to insanity.

      --
      Nerd rage is the funniest rage.
    7. Re:What the fuck by Anonymous Coward · · Score: 3, Funny

      What, like RST in peace?

    8. Re:What the fuck by summner · · Score: 2, Insightful

      I believe something has happened to the slashdot community in recent times. It seems as if it became polluted or diluted, with people thinking of themselves as geeks or nerds or whatever, but being neither.
      I see history repeat itself as it happened with Digg, the only difference - Digg started from the level which slashdot is currently at.
      I think it might be a good time for me to look for a new web 2.0 news source which has for instance some kind of IQ level discrimination. Or drop this unproductive habit of mine whatsoever.
      PS I hardly ever LoL'ed at any +5 Funny post here.
      PS/2 I really just don't get the culture of lol, a fucking smirk is not laughing out loud goddammit.

      A man has died, and you fucking joke about it because he had a friend named Robert E Lee. Well if it wasn't for your stupid American movies I wouldn't even have any idea who Lee was.

  11. But... by Roger+W+Moore · · Score: 5, Funny

    I thought you Americans did win that one?

    1. Re:But... by Anonymous Coward · · Score: 2, Funny

      LA

    2. Re:But... by Maestro485 · · Score: 2, Funny

      Dear guys, Words can not express how much I hate you guys. As we fight our way northward into the great unknown, only that one thing remains certain: that I hate you guys with every tired muscle in my Confederate body. We have taken Topeka and now I must rally the men onward to Missoura, because I will not stop until we have won it all and you guys are my slaves. Because, I hate you guys, I hate you guys so very very much. Yours, General Cartman Lee

  12. Here's the guy... by tjstork · · Score: 5, Informative

    Well, everyone's having a good laugh at the expense of the death of this guy. May as well laugh at a picture of him.

    --
    This is my sig.
  13. Naptha all over again by drwho · · Score: 3, Informative

    This problem was demonstrated in 2000, with the NAPTHA software and its demonstration that the problem is not academic. Yes, before NAPTHA, there was some software that could demonstrate the issue but this software had issues itself (written in perl, kept state) which limited its effectiveness. SockStress is just NAPTHA revisited.

    I have a fix for this problem, but there's not enough room in the margin to describe it.

    1. Re:Naptha all over again by pyrrhonist · · Score: 2, Informative

      Can you guarantee that the fix will be rolled out to everyone at the same time?

      The fix has already been rolled out long ago.

      Do you know what the fix is? Source address level filtering. It's that simple.

      This attack is less of a threat than SYN flooding attacks, because the attacker's address can't be spoofed. More information from Fyodor.

      --
      Show me on the doll where his noodly appendage touched you.
    2. Re:Naptha all over again by drwho · · Score: 2, Insightful

      Source address level filtering does provide some level of protection against a SYN flood. The problem is, it is not universally implemented. Another problem is someone who doesn't care to hide their address. If you are doing more than a SYN flood, but more advanced TCP hijinx, you need to use your real IP address anyhow. So, it's not much of a fix. Neither are the recommendations which came out back in 2000, which were to increase the resource limits that the operating system imposed upon the IP stack. I could go on and on, on how each measure so far implemented has just raised the bar against these types of attacks, but hasn't really done much to prevent them. Yes, you might not be able to knock over a stock OpenBSD install with 1023 packets any more, but the problem persists.

    3. Re:Naptha all over again by drwho · · Score: 3, Interesting

      My fix is on the server side. It does not require changes in the stack code of clients who would connect to it. Reverse-engineering it would gain the attackers nothing. An all-or-nothing fix would not be much of a fix. Neither would one which was successful based upon its obscurity.

      I am not telling you what it is because I am hoping that Microsoft will pay me some money to give them access to it. Apple as well (and Sun if they're still around). Once these are secured, I will open the invention to the FOSOSs. (Free Open Source Operating Systems). Call me greedy if you want, but I am tired of researching security and not getting paid for my hard work. That's why you haven't seen me by this handle or my real name posting security advisories for some time.

    4. Re:Naptha all over again by pyrrhonist · · Score: 2, Interesting

      Source address level filtering does provide some level of protection against a SYN flood.

      My point was that this attack has to use a valid IP, because it needs to create a connection. It is therefore easier to block than a SYN flood, which could spoof any address or groups of addresses.

      The problem is, it is not universally implemented.

      That's news to me. Which commercial firewall hardware does not have this ability?

      Another problem is someone who doesn't care to hide their address. If you are doing more than a SYN flood, but more advanced TCP hijinx, you need to use your real IP address anyhow. So, it's not much of a fix.

      That's exactly what this attack entails. The attacker has to use their real address with this, so it's easier to block them at the firewall. You might have a problem with your bandwidth, but you'd have that same exact problem regardless of the fix you choose to implement. You'd also have that same problem during a SYN flood.

      Neither are the recommendations which came out back in 2000, which were to increase the resource limits that the operating system imposed upon the IP stack. I could go on and on, on how each measure so far implemented has just raised the bar against these types of attacks, but hasn't really done much to prevent them.

      If you read the alert from CERT-FI, it says:

      March 23 2009. Discussions have been ongoing with a number of vendors, and several of them are currently in various phases of patch development process. Judging by the current progress, CERT-FI is confident that functional fixes to mitigate the risk can be expected to be released during this year.

      (Which, BTW, if you expect to sell your solution to vendors, you'd better hurry up.)

      My point was that the collapse of the internet due to this attack has been completely exaggerated. As Fyodor explains, this type of attack has been known about for a long time, and it can be filtered.

      --
      Show me on the doll where his noodly appendage touched you.
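
Added example, not part of any comment above: a sketch of the per-source accounting that the filtering argument in this sub-thread relies on. Held connections come from an address that completed the handshake and can be attributed, while half-open SYN flood entries cannot. The snapshot is constructed in the column layout of `ss -tan`, and the limit of 20 connections per source is a hypothetical threshold.

```python
from collections import Counter

def build_sample():
    """Constructed connection table in the column layout of `ss -tan` (not real traffic)."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # One real host holding 30 completed connections open (Naptha/sockstress style).
    rows += [f"ESTAB 0 0 192.0.2.10:80 198.51.100.7:{40000 + i}" for i in range(30)]
    # Ordinary clients: two connections from one address, one from another.
    rows += [f"ESTAB 0 0 192.0.2.10:80 203.0.113.{h}:{50000 + n}"
             for n, h in enumerate((5, 5, 9))]
    rows.append("ESTAB 0 0 [2001:db8::10]:80 [2001:db8::77]:51000")
    # SYN flood: 40 half-open entries, every one from a different forged address.
    rows += [f"SYN-RECV 0 0 192.0.2.10:80 10.9.{i}.{i + 1}:1025" for i in range(40)]
    return "\n".join(rows)

def parse(snapshot):
    """Yield (state, peer_ip) for each connection row; the header row is skipped."""
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) != 5:          # header splits into 7 fields, rows into 5
            continue
        # Split off the port, then drop the brackets used around IPv6 addresses.
        yield fields[0], fields[4].rsplit(":", 1)[0].strip("[]")

def per_source(snapshot, state):
    """Count connections in the given TCP state per peer address."""
    return Counter(ip for st, ip in parse(snapshot) if st == state)

def sources_to_filter(snapshot, limit=20):
    """Peers holding more than `limit` established connections (hypothetical limit)."""
    return {ip: n for ip, n in per_source(snapshot, "ESTAB").items() if n > limit}

if __name__ == "__main__":
    table = build_sample()
    print("filter candidates:", sources_to_filter(table))
    half_open = per_source(table, "SYN-RECV")
    print("half-open entries:", sum(half_open.values()),
          "largest single source:", max(half_open.values()))
```

The established-connection count singles out one address, while the same count over half-open entries never exceeds one per source, which is why a per-source filter has nothing to key on during a spoofed SYN flood.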
  14. Died in a fire by Reason58 · · Score: 3, Funny

    You would think someone like that would have a firewall.

  15. woooooooooosh! by RiotingPacifist · · Score: 2, Insightful

    n/t

    --
    IranAir Flight 655 never forget!
  16. Re:It's a shame. by Dreadneck · · Score: 2, Insightful

    I would imagine any death where you're aware that you're dying (i.e. not dying in your sleep or getting shot in the back of the head) is horrible.

    Honestly, what would you prefer? Being eaten alive? Drowning? Cancer? Airplane crash? Being hit by a car? Being stabbed? etc.

    Death sucks regardless of the circumstance, imho.

    --
    Power does not corrupt - power attracts the corrupt.