Supplemental Resources and Links for Episode #164



Resource links for Security Now! Episode #164:
SockStress
My Great Talk with Jack & Robert
As soon as this week's Security Now! audio files were available, I wrote to Robert E. Lee to let him and Jack know about the content of the podcast. Since I felt that I had been quite harsh toward them on the topic of their premature over-disclosure of this class of vulnerabilities, I wanted them to learn of my comments directly from me rather than from someone else.

Robert answered my eMail immediately, suggesting that we talk on the phone while in the meantime he and Jack listened to the podcast. After he and Jack had digested what I had said, they re-listened to their own interview since they felt that I had expanded tremendously (too much) upon what little they felt they had said. (Of course, my position was that they had already said way more than they should have.)

Although we immediately took our conversation “off the record”, I can share that they are very unhappy that their little interview has received as much attention as it has, appearing on Slashdot and continuing to pick up steam from there. Consequently, they are also not happy that it came to my attention and became this week's Security Now! topic. They just wanted their work to come to the attention of all of the correct, and none of the incorrect, people. Soon it will be known to everyone.

I like both Robert and Jack a lot, and I believe that they are good guys. I think that they probably underestimated the pool of talent and knowledge that's just sitting around waiting for another Internet protocol mystery to reverse-engineer and unravel now that Dan Kaminsky's DNS spoofing exploit is old news. We'll see what happens. Stay tuned.

As shown in this blog posting, two Swedish security researchers at Outpost24, Jack C. Louis and Robert E. Lee, were recently interviewed by Brenno de Winter for the De Beveiligingsupdate site about their proof-of-concept “SockStress” tool which evolved from their development and use of their open source Unicorn Scan network scanning tool.

“SockStress” (not publicly released) reportedly uses several new techniques to create a low-bandwidth (as low as ten packets per second) local resource depletion attack resulting in denial of service (DoS) by TCP servers (www, ftp, smtp, pop, etc.) running Windows, Linux, BSD, undisclosed routers, and other Internet appliances.

Although the researchers plan to demonstrate their techniques on October 17th, at the end of the second day of the forthcoming T2'08 conference in Helsinki, Finland, their 44-minute interview on September 30th, 2008 for the De Beveiligingsupdate site (see original and edited audio links below) provided far too much detail — enough so that any informed packetsmith who understands the TCP protocol would be able to easily recreate their attacks.

As a consequence, they effectively “went public” with their discovery of these vulnerabilities after informing other vendors only a few weeks beforehand (see rough timeline below).

The Audio of Their Interview
http://debeveiligingsupdate.nl/audio/bevupd_0003.mp3 (43.1 MB)
This is the original full audio of the interview. The English portion of the interview begins 5 minutes and 10 seconds into this audio file and continues for the balance of the file's 44 minutes and 11 seconds.

It is an overly large file because it was encoded in stereo, even though the audio content is monophonic. So we have re-encoded the entire original file in mono, reducing its size by half. Also, as shown below, we have trimmed the initial non-English portion and encoded the audio in various smaller formats:

Entire Interview 44 min, 10 sec, 64 kbps, 21.1 MB
Entire Interview 44 min, 10 sec, 16 kbps, 5.3 MB
Trimmed Interview 38 min, 59 sec, 64 kbps, 18.7 MB
Trimmed Interview 38 min, 59 sec, 16 kbps, 4.7 MB


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA.

Last Edit: May 04, 2013 at 18:12