B-Sides Denver: Talk submitted 1-30-13

Two Scary Denial-of-Service Attacks

I will explain and demonstrate two attacks that can kill machines. A new, stronger IPv6 Router Advertisement flood attack was released in October, 2012. It can freeze or crash Windows 8, Mac OS X, BSD Unix, and Android.

Sockstress was developed in 2008, but was never thoroughly patched. It works remotely and can damage Web servers so badly that they cannot be rebooted. It abuses an intrinsic feature of TCP; so almost any device that uses TCP is vulnerable.

I will also discuss countermeasures for these attacks--the easiest is to filter them out with firewalls.

Audience

Intended audience: Anyone with a basic understanding of TCP/IP. Especially important for those who are responsible for keeping Web servers up.

Selected Previous Talks at Infosec Cons:

Defcon 20 Skytalk, 2012: The Breach That Wasn't
Defcon 19, 2011: Three Generations of DoS Attacks (with Audience Participation, as Victims)
Defcon 18, 2010: My talk: Who Cares About IPv6?
Defcon 17, 2009: Hijacking Web 2.0 Sites with SSLstrip and Slowloris--Hands-on Training
Defcon 15, 2007: Teaching Hacking at College

United Security Summit, 2012: The Deluded Insider Threat

Baythreat, 2012: Data Breaches and Password Hashes PLUS the New IPv6 RA Flood Attack
Baythreat, 2011: Whitehat Vigilante
Baythreat, 2010: Getting Started With IPv6

Layer 1, 2011 Layer 7 DoS Attacks and Defenses

Posted 6 pm 1-30-13 by Sam Bowne