Errata’s CEO discussed on their blog the recent announcement of a TCP vulnerability that allows DoS attacks.  Read more about the original announcement here: Dark Reading - New DOS Attack Is a Killer - Snake Bytes

Errata’s Response:

Errata Security: TCP DoS (probably) real

They (the researchers) describe one mechanism. A TCP stack tries to figure out the maximum speed of your connection, in order to slow down data transmission so that packets won’t be dropped. One technique they describe is to behave as if their connection were getting slower and slower to the point that the TCP stack is tricked into believing it will take years to complete the transmission of data. This forces the TCP stack to keep trying for years to send just a few bytes.

How do we fix these problems? The problem is a resource-leak like the more common memory-leak. Back when I worked on the TCP stack for the Proventia IPS, we designed the code and test cases to deal with exactly this sort of resource-leak. The trick is to create billions of connections, with special tools like this, then verify that, once everything is gone, you have indeed gone back to zero resources.

This new “bug” looks like a TCP windowing vulnerability.  TCP windowing is the process by which a host reduces how much data it sends at a time in order to accommodate traffic issues.  It’s a lot like turning down a sink faucet because too much water is coming out, or turning it up when you need more water.  The problem is that if you can reduce the window to a small enough size, you can slow a small 64K transaction down to 1K/packet, which could (in theory) clog that outbound port for an indefinite amount of time.  If you send enough requests, you could take down a connection, even with a dial-up connection.  The other problem here is load.  It takes CPU to maintain an open port and perform the TCP throttling.  Modern OSes and some appliances perform TCP offloading, that is, they leave that load on the NIC.  So I’m not sure how much of an issue that would be.
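To make the two points above concrete (a tiny advertised window stretching a 64K transfer, and Errata's "back to zero resources" test), here is a small simulation added for this post; it is not code from Errata or from the researchers. The window-per-RTT model, the 100 ms RTT, the 512-byte minimum-progress threshold and the mix of peers are all constructed assumptions.

```python
from dataclasses import dataclass

RESPONSE_BYTES = 64 * 1024  # the "small 64K transaction" the post describes

@dataclass
class Conn:
    remaining: int = RESPONSE_BYTES  # response bytes the server still has to deliver
    slow_rtts: int = 0               # consecutive round trips with too little progress

def serve_rtt(conn, advertised_window, min_bytes_per_rtt):
    """One round trip: the sender may put at most advertised_window bytes on the wire.
    Simplified model (assumption): one window per RTT, no silly-window avoidance."""
    sent = min(conn.remaining, max(advertised_window, 0))
    conn.remaining -= sent
    conn.slow_rtts = 0 if sent >= min_bytes_per_rtt else conn.slow_rtts + 1
    return sent

def rtts_to_finish(window, rtt_ms=100):
    """Round trips and wall-clock ms to deliver 64K when the peer pins its window."""
    if window <= 0:
        raise ValueError("a zero window never completes")
    rtts = -(-RESPONSE_BYTES // window)  # ceiling division
    return rtts, rtts * rtt_ms

def simulate(windows, max_rtts, min_bytes_per_rtt=512, slow_limit=None):
    """Serve one connection per entry in windows (each peer's advertised window).
    With slow_limit set, a connection that makes less than min_bytes_per_rtt of
    progress for slow_limit consecutive RTTs is torn down: the resource-leak check.
    Returns (completed, aborted, still_open) after max_rtts round trips."""
    conns = {i: Conn() for i in range(len(windows))}
    completed = aborted = 0
    for _ in range(max_rtts):
        for i in list(conns):
            serve_rtt(conns[i], windows[i], min_bytes_per_rtt)
            if conns[i].remaining == 0:
                completed += 1
                del conns[i]
            elif slow_limit is not None and conns[i].slow_rtts >= slow_limit:
                aborted += 1
                del conns[i]
    return completed, aborted, len(conns)

if __name__ == "__main__":
    print(rtts_to_finish(64 * 1024), rtts_to_finish(1024), rtts_to_finish(1))
    # constructed mix: three normal peers and three that pin a 1-byte window
    peers = [64 * 1024] * 3 + [1] * 3
    print("no check:  ", simulate(peers, max_rtts=50))
    print("with check:", simulate(peers, max_rtts=50, slow_limit=10))
```

Without the progress check the three pinned connections are still open after 50 round trips; with it they are torn down and the open count returns to zero, which is the property Errata's test cases verify.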