Check Point response to Phrack article "Exploiting TCP Persist Timer Infiniteness" (CVE-2009-1926, VU#723308)
Symptoms
  • Phrack issue 66 includes an article, "Exploiting TCP Persist Timer Infiniteness".
    This article describes nkiller2, a DoS attack tool against TCP servers. In this technique, the attacker opens TCP connections and sets the TCP window size to zero after connection establishment. By acknowledging TCP window probes sent by the victim, the attacker may keep the TCP connection in this state indefinitely or until the application under attack times out. This attack exploits RFC-compliant behavior of the TCP persist timer, and many TCP implementations are likely to be vulnerable to it.
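The behavior described above leaves a recognizable trace on the server side: a peer that keeps advertising a zero window while still acknowledging window probes. The following detection sketch is an added example, not Check Point code and not taken from the Phrack article; the record layout, function names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample: (time_s, client_ip, client_port, advertised_window) for
# each ACK a client sent to the monitored server after the handshake.
SAMPLE_ACKS = [
    (0.0, "198.51.100.7", 40001, 0), (5.0, "198.51.100.7", 40001, 0),
    (65.0, "198.51.100.7", 40001, 0), (125.0, "198.51.100.7", 40001, 0),
    (0.1, "198.51.100.7", 40002, 0), (60.1, "198.51.100.7", 40002, 0),
    (120.1, "198.51.100.7", 40002, 0), (180.1, "198.51.100.7", 40002, 0),
    # Slow but legitimate reader: window closes briefly, then reopens.
    (1.0, "203.0.113.20", 51000, 0), (3.0, "203.0.113.20", 51000, 0),
    (4.0, "203.0.113.20", 51000, 8192),
    (2.0, "203.0.113.30", 52000, 65535),
]

def stalled_connections(acks, min_stall_s=120.0, min_zero_acks=3):
    """Return {client_ip: [client_port, ...]} for connections whose peer has
    advertised a zero window continuously for at least min_stall_s seconds
    while still sending ACKs (that is, answering the server's window probes).
    Both thresholds are assumed values to be tuned per service."""
    state = {}  # (ip, port) -> [first_zero_time, last_zero_time, zero_ack_count]
    for t, ip, port, window in sorted(acks):
        key = (ip, port)
        if window > 0:
            state.pop(key, None)      # window reopened: persist state ended
        elif key in state:
            state[key][1] = t         # still zero: extend the stall interval
            state[key][2] += 1
        else:
            state[key] = [t, t, 1]    # first zero-window ACK on this connection
    flagged = defaultdict(list)
    for (ip, port), (first, last, count) in sorted(state.items()):
        if last - first >= min_stall_s and count >= min_zero_acks:
            flagged[ip].append(port)
    return dict(flagged)

def suspicious_sources(acks, min_connections=2, **thresholds):
    """Sources holding several stalled connections at once, which separates
    the pattern above from a single slow client."""
    stalled = stalled_connections(acks, **thresholds)
    return sorted(ip for ip, ports in stalled.items() if len(ports) >= min_connections)

if __name__ == "__main__":
    print(stalled_connections(SAMPLE_ACKS))
    print(suspicious_sources(SAMPLE_ACKS))
```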
Solution
On September 8, 2009 Check Point released protection against Sockstress TCP DoS attacks (CVE-2008-4609). This protection mitigates the attack technique implemented in nkiller2.
For more details on this solution, refer to sk42723 - Check Point response to Sockstress TCP DoS attacks (CVE-2008-4609).
This solution is about products that are no longer supported, and it will not be updated.
