Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

TCP/IP and Internet Security Vulnerabilities

While major alerts have been issued, the potential for attacks will most likely be isolated to specific vulnerable servers or routers rather than the entire Internet infrastructure.

The concern is that TCP/IP is used extensively for Internet and Intranet communications on a widespread basis.  The primary concern is in disconnecting static BGP connections as noted in the articles.  Howevery, vendors are scrambling to provide security fixes, which should be appearing soon.


TCP/IP and Internet Security Vulnerabilities

A flaw in the most popular communications protocol for sending data on the Net could let attackers shut down connections between servers and routers, according to an advisory released Tuesday by Britain's national emergency response team. TCP--the Transmission Control Protocol--contains a flaw that "varies by vendor and application, but in some deployment scenarios...is rated critical.

Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.

Leading networking equipment vendors Cisco Systems Inc. and Juniper Networks Inc. are expected to release advisories for their customers this week that explain which of their products contain BGP code vulnerable to attack and to offer updated versions of operating system software for those devices that fix the problem.

Despite the dire warnings, the impact of the TCP hole will probably be small, Ingevaldson said. Leading networking vendors have probably been in conversation with US-CERT and the NISCC far in advance of the news becoming public, giving those companies time to prepare a patch. Also, the BGP protocol was designed to be resistant to attack and to support digital signatures using algorithms such as MD5 that can prevent spoofing, he said. "This is a serious issue because it's widespread, but there probably won't be a widespread impact," he said.

 

SERIOUS TCP/IP VULNERABILITIES
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
http://www.securityfocus.com/news/8499
http://news.com.com/2100-1002_3-5195909.html
http://www.infoworld.com/article/04/04/20/HNtcpwarning_1.html


CORE INTERNET TECHNOLOGY VULNERABLE TO HACKERS
http://www.securityfocus.com/news/8491
http://news.com.com/2100-1009-990608.html
http://www.eweek.com/article2/0,1759,1570947,00.asp

Posted: Apr 22 2004, 05:24 AM by Harry Waldron | with 2 comment(s)

Comments

Harry Waldron said:

The link to the Infoworld article doesn't work. I was able to find the article, and the correct URL is:

http://www.infoworld.com/article/04/04/20/HNtcpwarning_1.html
# April 23, 2004 3:51 AM

Harry Waldron said:

Thank you Joy for the feedback, as I've corrected the InfoWorld link :)
# April 23, 2004 6:30 AM