Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft, Cisco Finally Patch TCP DoS Flaw

Posted by kdawson on from the who-needs-a-botnet dept.

Trailrunner7 writes "Today vendors are finally releasing patches for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco's IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities today. The Microsoft Patch Tuesday release included the fix for the TCP flaw, which affects Windows Server 2003 and 2008, as well as Windows Vista, both the 32-bit and 64-bit editions, and Windows 2000 SP4, for which no fix is coming. The TCP flaws were identified several years ago and were made public last year by two researchers at Outpost24, Jack C. Louis and Robert E. Lee. Louis, who has since died, developed a tool called Sockstress that tested for the flaw and was able to maintain extremely long-term TCP connections with remote machines using very little bandwidth."

5 of 114 comments (clear)

  1. very, very old vulnerability by neko+the+frog · · Score: 4, Funny

    I mean, Robert E. Lee has been dead for *decades*.

    --
    -- the opinions stated above aren't those of my employer. in fact, they're probably not even my own. you know what, ju
    1. Re:very, very old vulnerability by UncleTogie · · Score: 2, Funny

      It must have taken an army of coders to fix these flaws.

      It was easy. They had confederates!

      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  2. Hey things take time. by palegray.net · · Score: 4, Funny

    Just think of all the meetings that had to be convened, coffee brewed, dinners expensed discussing the potential impact of these flaws, input from the legal department on the cost of fixing the bug versus potential liability including agreement to the shrinkwrap license that absolves MS of any liability unless a judge someday says otherwise, reading the tea leaves, God the list goes on and on.

    I'm proud of them for releasing this fix in such a timely fashion.

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  3. Re:what's the point of IOS? by mat128 · · Score: 2, Funny

    Obviously at the time IOS was designed, everyone would write their own special-purpose operating system for embedded devices. These days, wouldn't it make more sense to just scrap it and switch to Linux? Lots of other manufacturers are doing it (Linksys, Netgear, D-Link, etc.). This would certainly prevent this kind of embarassment.

    you have no idea how big and dedicated the Cisco IOS is!

  4. Re:Better Late than never? by bertoelcon · · Score: 2, Funny

    You must be new here, by not RTFA you get "+1 normal /. reader".

    --
    Anything can be found funny, from a certain point of view.