Time to Reboot the Internet Again

Cisco Systems Inc., the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. This is generally not something that the average user needs to worry about, but I'm blogging on it because the flaws do have the potential to cause some problems that Internet users could experience in a very real way (i.e. e-mail and Internet access temporarily goes bye-bye).

Most Internet service providers will stagger the installation of these patches so as not to disrupt customers' online connectivity, but one of these flaws appears to be so easy to exploit that if the bad guys figure out how before ISPs get around to patching, we could very likely see portions of the Internet go dark soon.

Indeed, one of the flaws that Cisco highlighted today suggests that most of Cisco's routers are susceptible to what can aptly be described as a "ping of death": send a single, specially crafted data packet down the wire to the control interface of an unpatched Cisco router, and you could either crash the device or install software of your choosing on top of it. Granted, any Cisco administrator will tell you it is a very bad idea not to severely restrict remote access to a router's controls, but this is a serious threat nonetheless.

Tom Liston, an incident handler at the SANS Internet Storm Center, says this particular vulnerability definitely has the potential to get ugly.

"Cisco is very careful in their advisory not to give too many details on the options required" to exploit the vulnerability, he said. "But you can bet your next paycheck that the kiddies are right now playing around with [it] like mad about now. Overall, Cisco's mitigation steps aren't very practical in many environments, so this looks like it needs to be patched."

The Storm Center has changed its threat alert level from green to yellow over things like this in the past, but Liston says SANS will likely remain at green unless it begins to see signs that bad guys have figured out how to exploit the flaws.

As serious as this vulnerability is, the reality is that even if all of the vulnerable Cisco routers were attacked, it is unlikely that the Internet would fall over. That might have been the outcome not too long ago, when the Internet was held up pretty much by a Cisco router monoculture. However, today, many of the Internet's core networks are supported by routers manufactured by Cisco's chief rival, Juniper Networks.

While we're on the subject of monocultures and large-scale Internet attacks, it seems appropriate to mention that tomorrow is the fourth anniversary of the SQL Slammer worm, which infected 100 percent of the vulnerable Web servers on the planet inside of 15 minutes, temporarily disabling many important infrastructure systems that relied on the flawed Microsoft component.

By Brian Krebs  |  January 24, 2007; 1:52 PM ET
Categories:  From the Bunker , Latest Warnings , New Patches  

Comments

The comments are like some sort of internet black hole vortex of strangeness....

Posted by: jon | January 24, 2007 2:36 PM | Report abuse

Hehe, I admit, that was a bit surreal...enough to read the whole painfully written thing. :)

Posted by: LonerVamp | January 24, 2007 2:43 PM | Report abuse

what...in the name of...

wow. my eyes! Believe it or not, I'm actually debating whether or not to delete that first ALL CAPS comment, mainly because while it strikes me as very likely another 419/Nigerian e-mail spam/scam, there's something vaguely mesmerizing about it.

Posted by: Bk | January 24, 2007 2:45 PM | Report abuse

Sorry folks. Had to delete it. That same spam showed up on a bunch of those posts at the same time.

Posted by: Bk | January 24, 2007 2:51 PM | Report abuse

Krebs you fear mongerer.

Would be great if the Internet went down for a few hrs. I could use some time off. Remember always install your security updates and never fear.

Posted by: Josh Grobin | January 24, 2007 5:15 PM | Report abuse

The first Cisco IPv4 Crafted DoS vulnerability in 2003 was released on the same day as Cisco's advisory. ISPs got the fix early by way of early access to information and image downloads.

Cisco prioritizes customers in this way. ISPs then set up filters to block potential malicious packets. In fact, they blocked SQL Slammer in the same way, but that was post-release.

Posted by: dre | January 25, 2007 10:31 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company