
TCP/IP and Internet Security Vulnerabilities


#1 harrywaldron


    Security Reporter


Posted 22 April 2004 - 06:45 AM

While major alerts have been issued, the potential for attacks will most likely be isolated to specific vulnerable servers or routers rather than the entire Internet infrastructure.

The concern is that TCP/IP is used extensively for Internet and Intranet communications on a widespread basis. The primary concern is in disconnecting static BGP connections as noted in the articles.

Finally, vendors are scrambling to provide security fixes, which should be appearing soon.

TCP/IP and Internet Security Vulnerabilities

A flaw in the most popular communications protocol for sending data on the Net could let attackers shut down connections between servers and routers, according to an advisory released Tuesday by Britain's national emergency response team. TCP--the Transmission Control Protocol--contains a flaw that "varies by vendor and application, but in some deployment scenarios...is rated critical."

Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.

Leading networking equipment vendors Cisco Systems Inc. and Juniper Networks Inc. are expected to release advisories for their customers this week that explain which of their products contain BGP code vulnerable to attack and to offer updated versions of operating system software for those devices that fix the problem.

Despite the dire warnings, the impact of the TCP hole will probably be small, Ingevaldson said. Leading networking vendors have probably been in conversation with US-CERT and the NISCC far in advance of the news becoming public, giving those companies time to prepare a patch. Also, the BGP protocol was designed to be resistant to attack and to support digital signatures using algorithms such as MD5 that can prevent spoofing, he said. "This is a serious issue because it's widespread, but there probably won't be a widespread impact," he said.
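Added example, not part of the original post or the quoted articles: a receiver-side sketch of the MD5 protection mentioned in the last paragraph, following the TCP MD5 signature option of RFC 2385, showing why a spoofed reset is dropped when the sender does not hold the shared key. The addresses, ports, sequence number and key are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
RST = 0x04
MD5_OPT_LEN = 20  # 18-byte signature option (kind 19) padded to a 4-byte boundary

def fixed_tcp_header(sport, dport, seq, ack, flags, window=0):
    """20-byte TCP header without options; checksum field left as zero."""
    offset = ((20 + MD5_OPT_LEN) // 4) << 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, offset, flags, window, 0, 0)

def tcp_md5_digest(src_ip, dst_ip, header, payload, key):
    """MD5 over pseudo-header, option-less header, data, then the shared key."""
    seg_len = len(header) + MD5_OPT_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    return hashlib.md5(pseudo + header + payload + key).digest()

def accept_segment(src_ip, dst_ip, header, payload, digest, key):
    """Receiver check: drop segments with a missing or non-matching digest."""
    if digest is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(expected, digest)

def demo():
    # Constructed sample values: documentation addresses, made-up ports and key.
    peer, local, key = "192.0.2.1", "192.0.2.2", b"constructed-peer-secret"
    rst = fixed_tcp_header(sport=179, dport=40000, seq=1000, ack=0, flags=RST)
    genuine = tcp_md5_digest(peer, local, rst, b"", key)
    guessed = tcp_md5_digest(peer, local, rst, b"", b"wrong-guess")
    return {
        "signed_by_peer": accept_segment(peer, local, rst, b"", genuine, key),
        "no_signature": accept_segment(peer, local, rst, b"", None, key),
        "wrong_key": accept_segment(peer, local, rst, b"", guessed, key),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'dropped'}")
```

The digest covers the addresses and sequence number as well as the key, so a reset with a correctly guessed sequence number is still dropped unless it was signed with the peers' shared secret.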


