Linux DDoS

Maintainers behind the Linux kernel have rolled out patches in the past weeks for two bugs that are just ideal for causing havoc via DDoS attacks.

Both bugs affect the Linux kernel’s TCP stack and are known to trigger excessive resource usage in Linux-based systems.

Exploiting both bugs requires sending malformed TCP or IP packets, respectively, to a targeted server, personal computer, tablet, or smartphone. The attack triggers a resource exhaustion operation (increased CPU and RAM use) that leads to a reboot of the affected system.

SegmentSmack and FragmentSmack

The two bugs are known as SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391).

Attackers can exploit SegmentSmack via a specially crafted stream of TCP segments, while FragmentSmack requires a specially crafted stream of IP datagrams.

The source of the problem for SegmentSmack resides in the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions, while FragmentSmack occurs because of the way the Linux kernel handles reassembly of fragmented IPv4 and IPv6 packets.

Devices running Linux kernel 4.9 and later are vulnerable to SegmentSmack, while devices running Linux kernel 3.9 and later are vulnerable to FragmentSmack.

Just ideal for DoS/DDoS attacks

Because we’re talking about TCP and IP packets here, this also means these vulnerabilities can be exploited remotely, and are ideal for weaponizing as part of DoS or DDoS attacks.

No proof of concept code is currently available online, which somewhat reduces the immediate danger to device owners.

The Linux kernel project has released an updated version that includes fixes for both [