NewScientist: Critical internet communication flaw revealed
14:58 21 April 04
NewScientist.com news service
A serious problem with the most commonly used internet communications protocol has been revealed by computer experts.
Experts say the flaw in the Transmission Control Protocol (TCP) could be used to knock out many brands of router - the machines that direct traffic between computer networks on the internet.
Details were revealed in an advisory issued by the UK government's National Infrastructure Security Co-Ordination Centre (NISCC) on Tuesday. The advisory rates the issue as "critical" but states that different hardware and software will be affected to different degrees. Roger Cumming, director of NISCC, says exploitation of this vulnerability could affect the 'glue' that holds the internet together.
The US government's Homeland Security Department also issued a statement which says attacks using the flaw "could affect a large segment of the internet community."
Remote reset
TCP manages the flow of data packets across the internet. It includes a design feature that allows a TCP communications session to be reset remotely across a network.
Sending a reset command depends upon using the correct communications "port", which is set at random by the router beforehand. Previously, the odds of simply guessing this port were thought to be unrealistically high - about one in four billion.
But Paul Watson, an independent computer security consultant based in the US, discovered that just a portion of the correct number will work. This means a valid reset command could be sent in just a few tries. And repeatedly sending reset commands to carefully chosen routers could prevent network traffic from being forwarded, leaving computers unable to communicate.
A number of router makers, including the world's largest manufacturer Cisco, have confirmed that their products are vulnerable to the exploit. Some systems can be protected through careful configuration, while others require a software fix.
Details of the flaw will be presented by Watson in a paper entitled Slipping In The Window: TCP Reset Attacks at the CanSecWest 2004 conference in Vancouver, Canada, which is held between 21 and 23 April.
Will Knight
----------------------------
Stephen