Topic: Major TCP/IP security Flaw.  (Read 1252 times)

0 Members and 1 Guest are viewing this topic.

Sirgod

  • Guest
Major TCP/IP security Flaw.
« on: April 21, 2004, 10:52:32 am »
 NewScientest

Critical internet communication flaw revealed
 
 
14:58 21 April 04
 
NewScientist.com news service
 
A serious problem with the most commonly used internet communications protocol has been revealed by computer experts.

Experts say the flaw in the Transmission Control Protocol (TPC) could be used to knock out many brands of router - the machines that direct traffic between computer networks on the internet.

Details were revealed in an advisory issued by the UK government's National Infrastructure Security Co-Ordination Centre (NISCOC) on Tuesday. The advisory rates the issue as "critical" but states that different hardware and software will be affected to different degrees. Roger Cumming, director of NISCOC says exploitation of this vulnerability could affect the 'glue' that holds the internet together.

The US government's Homeland Security Department also issued a statement which says attacks using the flaw "could affect a large segment of the internet community."

 
Remote reset


The TPC manages the flow of data packets across the internet. It includes a design feature that allows a TCP communications session to be reset remotely across a network.

Sending a reset command depends upon using the correct communications "port", which is set at random by the router beforehand. Previously, the odds of simply guessing this port were thought to be unrealistically high - about one in four billion.

But Paul Watson, an independent computer security consultant based in the US, discovered that just a portion of the correct number will work. This means a valid reset command could be sent in just a few tries. And repeatedly sending reset commands to carefully chosen routers could prevent network traffic from being forwarded, leaving computers unable to communicate.

A number of router makers, including the world's largest manufacturer Cisco, have confirmed that their products are vulnerable to the exploit. Some systems can be protected through careful configuration, while others require a software fix.

Details of the flaw will be presented by Watson in a paper entitled Slipping In The Window: TCP Reset Attacks at the CanSecWest 2004 conference in Vancouver, Canada, which is held between 21 and 23 April.
 
 
Will Knight
 
----------------------------

Stephen

RogueJedi_XC

  • Guest
Re: Major TCP/IP security Flaw.
« Reply #1 on: April 21, 2004, 12:38:06 pm »
Wait...a security vulnerability that is not from a Microsoft product?

My whole world has just flipped upside down.    

Sirgod

  • Guest
Major TCP/IP security Flaw.
« Reply #2 on: April 21, 2004, 10:52:32 am »
 NewScientest

Critical internet communication flaw revealed
 
 
14:58 21 April 04
 
NewScientist.com news service
 
A serious problem with the most commonly used internet communications protocol has been revealed by computer experts.

Experts say the flaw in the Transmission Control Protocol (TPC) could be used to knock out many brands of router - the machines that direct traffic between computer networks on the internet.

Details were revealed in an advisory issued by the UK government's National Infrastructure Security Co-Ordination Centre (NISCOC) on Tuesday. The advisory rates the issue as "critical" but states that different hardware and software will be affected to different degrees. Roger Cumming, director of NISCOC says exploitation of this vulnerability could affect the 'glue' that holds the internet together.

The US government's Homeland Security Department also issued a statement which says attacks using the flaw "could affect a large segment of the internet community."

 
Remote reset


The TPC manages the flow of data packets across the internet. It includes a design feature that allows a TCP communications session to be reset remotely across a network.

Sending a reset command depends upon using the correct communications "port", which is set at random by the router beforehand. Previously, the odds of simply guessing this port were thought to be unrealistically high - about one in four billion.

But Paul Watson, an independent computer security consultant based in the US, discovered that just a portion of the correct number will work. This means a valid reset command could be sent in just a few tries. And repeatedly sending reset commands to carefully chosen routers could prevent network traffic from being forwarded, leaving computers unable to communicate.

A number of router makers, including the world's largest manufacturer Cisco, have confirmed that their products are vulnerable to the exploit. Some systems can be protected through careful configuration, while others require a software fix.

Details of the flaw will be presented by Watson in a paper entitled Slipping In The Window: TCP Reset Attacks at the CanSecWest 2004 conference in Vancouver, Canada, which is held between 21 and 23 April.
 
 
Will Knight
 
----------------------------

Stephen

RogueJedi_XC

  • Guest
Re: Major TCP/IP security Flaw.
« Reply #3 on: April 21, 2004, 12:38:06 pm »
Wait...a security vulnerability that is not from a Microsoft product?

My whole world has just flipped upside down.    

Sirgod

  • Guest
Major TCP/IP security Flaw.
« Reply #4 on: April 21, 2004, 10:52:32 am »
 NewScientest

Critical internet communication flaw revealed
 
 
14:58 21 April 04
 
NewScientist.com news service
 
A serious problem with the most commonly used internet communications protocol has been revealed by computer experts.

Experts say the flaw in the Transmission Control Protocol (TPC) could be used to knock out many brands of router - the machines that direct traffic between computer networks on the internet.

Details were revealed in an advisory issued by the UK government's National Infrastructure Security Co-Ordination Centre (NISCOC) on Tuesday. The advisory rates the issue as "critical" but states that different hardware and software will be affected to different degrees. Roger Cumming, director of NISCOC says exploitation of this vulnerability could affect the 'glue' that holds the internet together.

The US government's Homeland Security Department also issued a statement which says attacks using the flaw "could affect a large segment of the internet community."

 
Remote reset


The TPC manages the flow of data packets across the internet. It includes a design feature that allows a TCP communications session to be reset remotely across a network.

Sending a reset command depends upon using the correct communications "port", which is set at random by the router beforehand. Previously, the odds of simply guessing this port were thought to be unrealistically high - about one in four billion.

But Paul Watson, an independent computer security consultant based in the US, discovered that just a portion of the correct number will work. This means a valid reset command could be sent in just a few tries. And repeatedly sending reset commands to carefully chosen routers could prevent network traffic from being forwarded, leaving computers unable to communicate.

A number of router makers, including the world's largest manufacturer Cisco, have confirmed that their products are vulnerable to the exploit. Some systems can be protected through careful configuration, while others require a software fix.

Details of the flaw will be presented by Watson in a paper entitled Slipping In The Window: TCP Reset Attacks at the CanSecWest 2004 conference in Vancouver, Canada, which is held between 21 and 23 April.
 
 
Will Knight
 
----------------------------

Stephen

RogueJedi_XC

  • Guest
Re: Major TCP/IP security Flaw.
« Reply #5 on: April 21, 2004, 12:38:06 pm »
Wait...a security vulnerability that is not from a Microsoft product?

My whole world has just flipped upside down.