Time to Reboot the Internet Again
Cisco Systems Inc., the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. This is generally not something that the average user needs to worry about, but I'm blogging on it because the flaws do have the potential to cause some problems that Internet users could experience in a very real way (i.e., e-mail and Internet access temporarily go bye-bye).
Most Internet service providers will stagger the installation of these patches so as not to disrupt customers' online connectivity, but one of these flaws appears to be so easy to exploit that if the bad guys figure out how before ISPs get around to patching, then we could very likely see portions of the Internet go dark soon.
Indeed, one of the flaws that Cisco highlighted today appears to suggest that most of Cisco's routers are susceptible to what can aptly be described as a "ping of death": send a single, specially crafted data packet down the wire to the control interface of an unpatched Cisco router, and you could either crash the device or install software of your choosing on top of it. Granted, any Cisco administrator will tell you it is a very bad idea not to severely restrict remote access to a router's controls, but this is a serious threat nonetheless.
Tom Liston, an incident handler at the SANS Internet Storm Center, says this particular vulnerability definitely has the potential to get ugly.
"Cisco is very careful in their advisory not to give too many details on the options required" to exploit the vulnerability, he said. "But you can bet your next paycheck that the kiddies are right now playing around with [it] like mad about now. Overall, Cisco's mitigation steps aren't very practical in many environments, so this looks like it needs to be patched."
The Storm Center has changed its threat alert level from green to yellow over things like this in the past, but Liston says SANS will likely remain at green unless it begins to see signs that bad guys have figured out how to exploit the flaws.
As serious as this vulnerability is, the reality is that even if all of the vulnerable Cisco routers were attacked, it is unlikely that the Internet would fall over. That might have been the outcome not too long ago, when the Internet was held up pretty much by a Cisco router monoculture. However, today, many of the Internet's core networks are supported by routers manufactured by Cisco's chief rival, Juniper Networks.
While we're on the subject of monocultures and large-scale Internet attacks, it seems appropriate to mention that tomorrow is the fourth anniversary of the SQL Slammer worm, which infected 100 percent of the vulnerable Web servers on the planet inside of 15 minutes, temporarily disabling many important infrastructure systems that relied on the flawed Microsoft component.
January 24, 2007; 1:52 PM ET
Categories: From the Bunker, Latest Warnings, New Patches