The Register®

Original URL: http://www.theregister.co.uk/2004/04/21/tcp_vuln/

Serious TCP/IP vuln exposed

But don't panic

By John Leyden

Posted in Enterprise Security, 21st April 2004 11:10 GMT

The UK's National Infrastructure Security Co-ordination Centre yesterday reported a fundamental flaw with the core Internet protocol - TCP/IP - which creates a mechanism for hackers to crash vulnerable routers and severely disrupt Internet traffic. The problem stems from the fact that it's far easier to reset TCP/IP sessions using spoofed packets than previously thought.

Routers running Border Gateway Protocol (BGP) are most severely affected by the vulnerability because the protocol relies on a persistent TCP session between BGP peers. These sessions, though easily restarted, could be disrupted as a result of the flaw. Other application protocols such as DNS (Domain Name System) and SSL (Secure Sockets Layer) are potentially vulnerable but to a lesser extent than BGP.

The vulnerability is serious but early predictions of doom are somewhat wide of the mark. Various workarounds exist and vendors like Cisco are rushing out fixes [1]. Also, the attack does not directly compromise data integrity or confidentiality. The worst aspect of the problem is that a huge range of networking kit (firewalls, switches, and routers) from multiple vendors needs attention.

The National Infrastructure Security Co-ordination Centre advisory [2] on the vulnerability follows months of behind-the-scenes work on the issue. Security researcher Paul A. Watson is credited with mathematical analysis that first highlighted the potential problem, as explained by US-CERT here [3]. ®
