10/02/2008

TCP/IP flaw: some important snippets to make you think

source

* The IT business is being briefed and informed and is trying to develop responses. But because this is a technique, people will keep developing new methods as long as the technique itself has not been disarmed or cleaned up.

"Last month, Lee and Louis began notifying unnamed makers of operating systems, routers, firewalls, and other TCP-enabled wares with the help of the Computer Emergency Response Team in Finland. So far, Outpost24 has shared multiple attack scenarios with them, and Lee said vendors were only in the early stages of grasping the problem"

* but maybe here is a solution

"Lee will say only that the class of attack takes advantage of the way resources are allocated immediately after TCP-enabled devices complete the three-way handshake (syn, syn-ack, ack) that is required for two internet-connected devices to interact."

So, just a thought: might a defense not lie in the allocation of resources to these connections? If they had a time-out, an authentication step, a limit, or something that simply kills the connection if there is no real transfer in x milliseconds, wouldn't that keep the machine up and running? Maybe this could be put together much faster, and it could also be used for other attacks on the 'resources' of IP-enabled machines.
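The time-out and limit idea above, as an added example that is not part of the original post or of any vendor's fix: a loopback echo server in Python that drops peers which go silent after the handshake and caps connections per source address. The class name `GuardedServer`, the 0.5 second deadline and the cap of 2 are assumptions chosen for the demo.

```python
import asyncio
from collections import Counter

class GuardedServer:
    """Echo server that frees resources held by silent or excessive peers."""
    def __init__(self, deadline=0.5, max_per_source=2):  # assumed limits
        self.deadline = deadline              # seconds a peer may stay idle
        self.max_per_source = max_per_source  # concurrent connections per IP
        self.active = Counter()               # source IP -> open connections
        self.dropped = Counter()              # reason -> count, for monitoring

    async def handle(self, reader, writer):
        ip = writer.get_extra_info("peername")[0]
        if self.active[ip] >= self.max_per_source:
            self.dropped["per_source_limit"] += 1
            writer.close()
            return
        self.active[ip] += 1
        try:
            while True:
                # Bounded read and write: a quiet or stalled peer is cut off.
                data = await asyncio.wait_for(reader.read(4096), self.deadline)
                if not data:
                    break
                writer.write(data)
                await asyncio.wait_for(writer.drain(), self.deadline)
        except asyncio.TimeoutError:
            self.dropped["idle_timeout"] += 1
        except ConnectionError:
            self.dropped["reset"] += 1
        finally:
            self.active[ip] -= 1
            writer.close()

async def demo():  # constructed loopback clients, not real traffic
    guard = GuardedServer()
    server = await asyncio.start_server(guard.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    r1, w1 = await asyncio.open_connection("127.0.0.1", port)
    w1.write(b"hello")
    echoed = await r1.readexactly(5)           # a peer that talks is served
    r2, w2 = await asyncio.open_connection("127.0.0.1", port)  # never sends
    r3, w3 = await asyncio.open_connection("127.0.0.1", port)  # over the cap
    over_cap_eof = await r3.read(1)            # b"" once the server refuses it
    silent_eof = await r2.read(1)              # b"" once the deadline fires
    server.close()
    return echoed, over_cap_eof, silent_eof, dict(guard.dropped)

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

This bounds only the application's share of per-connection state; the kernel's own TCP control blocks and timers are governed by operating system settings, not by this code.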

And a very interesting comment to think about

Probably involves SYN Cookies 

Posted Thursday 2nd October 2008 10:04 GMT

SYN Cookies were introduced to defend against SYN Attacks, they have always been a bit controversial, but in the main have done well.

A guess is someone has found a flaw there, with a similar effect to a SYN Attack which leaves a system with half open connections making the SYN queue fill out until connections are dropped.

The SYN Cookie protects against that, but there are a few weaknesses, and those could be exploited (normally combination attack though).

It is worth bearing in mind that quite a few thought that SYN attacks were unavoidable, so if SYN cookies can be used to consume resource it is back. As to IPv6 that will open a new kettle of vulnerabilities. And it is not like people go oohh I need this new feature, TCP is about creating a connection over a connectionless medium, having to do that without the SYN queue was a bit of a leap in the first place, SYN Cookies try to do it via transmission which at first glance looks more hazardous, though interesting idea.

Whilst most are claiming there is no known defence, it is possible to trace people doing SYN attacks, it does require help from each of the router maintainers so it is not easy, but it is possible. So, doubtful the Net is going away any time soon. It is a bit like roads cannot stop foreign tanks rolling down them, well I suppose you can mine the road, and set up checkpoints and you can do similar things on the net.

13:59
