About Sockstress
Sockstress is a user-land TCP socket stress framework that can complete arbitrary numbers of open sockets without incurring the typical overhead of tracking state. Once the socket is established, it is capable of sending TCP attacks that target specific types of kernel and system resources such as Counters, Timers, and Memory Pools. Obviously, some of the attacks described here are considered "well known". However, the full effects of these attacks is less known. Further, there are more attacks yet to be discovered/documented. As researchers document ways of depleting specific resources, attack modules could be added into the sockstress framework.
The sockstress attack tool consists of two main parts:
1) Fantaip: Fantaip is a "Phantom IP" program that performs ARP for IP addresses. To use fantaip, type 'fantaip -i interface CIDR', Ex., 'fantaip -i eth0 192.168.0.128/25'. This ARP/Layer 2 function could optionally be provided by other means depending on the requirements of the local network topology. Since sockstress completes TCP sockets in user-land, it is not advisable to use sockstress with an IP address configured for use by the kernel, as the kernel would then RST the sockets. This is not strictly required as the use of a firewall to drop incoming packets with rst flag can be used to achieve the same goal and prevent the kernel from interfering with the attack vector.
2) Sockstress: In its most basic use, sockstress simply opens TCP sockets and sends a specified TCP stress test. It can optionally send an application specific TCP payload (i.e. 'GET / HTTP/1.0' request). By default, post attack it ignores subsequent communications on the established socket. It can optionally ACK probes for active sockets. The attacks take advantage of the exposed resources the target makes available post handshake.
The client side cookies, heavily discussed in blogs, news and discussion lists, is an implementation detail of sockstress, and not strictly necessary for carrying out these attacks.
Read more about this topic: Sockstress