CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 1st, 2008

Flaw in internet protocol core could disrupt almost any broadband connection device

Security experts have discovered a flaw in a core internet protocol that can be exploited to disrupt just about any device with a broadband connection. The finding could have profound consequences for millions of people who depend on websites, mail servers, and network infrastructure.

The bug in the Transmission Control Protocol (TCP) affords attackers a wealth of new ways to carry out denial-of-service attacks on equipment at the heart of data centers and other sensitive points along the internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and can paralyze a server or router even after the flood of malicious data has stopped. Once exploited, the flaw also allows miscreants to consume so many system resources that the device essentially crashes.

According to Robert E. Lee, chief security officer for Sweden-based Outpost24, “if you use the internet and you serve a TCP-based service that you value the availability for, then this affects you. That may not be every internet user, but that’s certainly any IT manager, that’s certainly any website operator, mail server operator, or router operator.”

Lee said he and Outpost24 colleague Jack Louis discovered the bug in 2005, but decided to keep their finding secret while they tried to devise a solution. After largely hitting a wall, they decided to go public in hopes that a new infusion of ideas will finally get the problem fixed.

The discovery is similar to several other bugs that have come to light over the past six months that reside in an entire system rather than in a single product. In July, researcher Dan Kaminsky unearthed a fundamental flaw in the design of the internet’s address system that made it trivial to spoof websites and email addresses. And at the Defcon hacking conference a month later, researchers laid out a technique to surreptitiously hijack huge chunks of the internet and tamper with unencrypted traffic before it reaches its intended destination.

Other security experts have already weighed in on the TCP bug and said it appears Outpost24 isn’t overstating its severity. At the moment, there are no work-arounds other than forbidding anonymous connections, a solution that isn’t an option for most net-connected devices.

To streamline the execution of the multiple attack scenarios they developed, Outpost24 has built a test kit dubbed Sockstress. So far, they've used it on 15 different TCP stacks, and all have been found to be vulnerable.
