IP flaw could allow attacks on routers and Internet software

Industry reels from IP flaw
IP flaw could allow attacks on routers and Internet software

By Matthew Broersma, Techworld
April 13, 2005

The U.K.'s National Infrastructure Co-Ordination Centre (NISCC) has warned of a flaw in Internet Protocol (IP) that could allow significant attacks on a wide range of products, including routers and Internet software from Microsoft (Profile, Products, Articles), Cisco Systems (Profile, Products, Articles), IBM (Profile, Products, Articles), Juniper Networks (Profile, Products, Articles), and others.

While the flaw in ICMP, IP's control protocol, will be only moderately critical for some vendors' products, in others it could allow a denial-of-service attack with medium-term effects, effectively putting the system out of commission for a significant period of time while it is reset, the NISCC said in an advisory. In other products, attacks could merely slow down traffic or result in short-term denial-of-service.

Because the problems with ICMP have been circulating in the security community for some time, some products have already been modified to block the attacks; for example many Linux products mitigate or eliminate the problems, the NISCC said. The organization is publishing an updated list of affected vendors in a PDF version of the advisory.

"Most vendors include support for this protocol in their products and may be impacted to varying degrees," the agency said in its advisory. One of the ICMP vulnerabilities, termed a TCP blind connection-reset vulnerability, could mean significant problems for some implementations of the Border Gateway Protocol (BGP), one of the Internet's core protocols, according to the advisory. "BGP relies on a persistent TCP connection between BGP peers; resetting the connection can result in medium term unavailability due to the need to rebuild routing tables and route flapping," the NISCC said.
<snip>

http://www.infoworld.com/article/05/04/13/HNipflaw_1.html?source=NLC-TB2005-04-13