This Security Response has an associated Security Advisory at:
This is Cisco's response to research presented by Robert E. Lee and
Jack Louis of Outpost24 who have announced several denial of service (DoS)
vulnerabilities that involve the manipulation of TCP state table information.
These vulnerabilities have been discussed on numerous websites and blogs,
including a presentation delivered by Lee and Louis at the T2 conference in
Helsinki, Finland on October 17, 2008.
Cisco PSIRT is aware of the vulnerabilities and is actively
investigating what impact these vulnerabilities may have on Cisco products.
PSIRT will disclose any security vulnerabilities discovered in compliance with
Cisco's security vulnerability policy:
PSIRT is working with Outpost24 and the Finnish Computer Emergency
Response Team (CERT-FI) as part of the industry response to these
vulnerabilities. An announcement from CERT-FI is available at the following