Sockstress TCP Attack

Article ID: JSA10390 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 3.0
Legacy Advisory Id:
PSN-2008-10-041
Product Affected:
Extensive testing was done on our products. During the DOS attack, the targeted system experienced denial of service (as expected). Systems recovered once the attack was removed.
Problem:
Update 8 Sept 2009, 1700 UTC.

A "TCP weakness" presented by Outpost24 is slowly leaking to the public (as of October 3, 2008). This TCP weakness has been called the "Sockstress TCP Attack." It is a variant of other "stateless TCP attack tools"; Netkill, Ndos, and NAPTHA are examples of the same sort of tool. The Sockstress TCP Attack is not a "new" TCP attack, just an optimization of an existing "class" of TCP attacks.

CERT-FI has released details of the Sockstress Attack. These details can be found here:

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Juniper Networks received the Sockstress tool and executed testing on all our platforms. We have found no unexpected or adverse impact to our equipment which is different from other types of TCP Denial of Service (DOS). When the Sockstress DOS attack is removed, Juniper systems recover normally.

Solution:

Given that Sockstress is not a new 'class' of TCP attacks, existing Best Common Practices (BCPs) used to protect Juniper products from TCP-based DOS attacks are the best investment of time.

Severity Level:
Low
Severity Assessment:
Juniper Networks received the Sockstress tool and executed testing on all our platforms. We have found no unexpected or adverse impact to our equipment which is different from other types of TCP Denial of Service (DOS). When the Sockstress DOS attack is removed, Juniper systems recover normally. Given that Sockstress is not a new 'class' of TCP attacks, existing Best Common Practices (BCPs) used to protect Juniper products from TCP-based DOS attacks are the best investment of time.
