[ISN] Group warns of widespread security flaw among Internet network devices

From: InfoSec News (isnat_private)
Date: Wed Feb 13 2002 - 02:15:21 PST


    http://www.nandotimes.com/technology/story/249685p-2354258c.html
    
    By D. IAN HOPPER, AP Technology Writer 
    
    WASHINGTON (February 12, 2002 2:20 p.m. EST) - From desktop computers
    to traffic management systems, many of the Internet's network devices
    have a security flaw that could allow hackers to shut them down or
    gain control of the devices, a government-funded research group warned
    Tuesday.
    
    The problem is most serious for Internet service providers, which use
    systems called routers to manage the flow of messages across computer
    networks and the Internet, the group said.
    
    "ISPs that don't act will have a reasonable chance of having their
    routers go down," said Alan Paller, research director at the SANS
    Institute in Maryland.
    
    The CERT Coordination Center, based at Carnegie Mellon University in
    Pittsburgh, planned to release an alert Tuesday. Marty Lindner of CERT
    said hundreds of vendors use the Internet protocol found to be at
    risk. The warning, to be posted on CERT's Web site, lists the steps
    businesses and consumers should take to protect themselves.
    
    CERT is funded in part by the Defense Department.
    
    "Some companies actually have all their patches ready to go," Lindner
    said. "Some companies have been diligently working on patches, but
    they have a lot more work to do."
    
    When update programs aren't available, Lindner said the site will tell
    users how to reduce the risk of an attack.
    
    Lindner said the problem was found recently by researchers at the
    University of Finland at Oulu, but it has existed for more than 10
    years, since the "Simple Network Manager Protocol" was written.
    
    "I don't think anyone looked for it," prior to the Finland
    researchers, Lindner said.
    
    SNMP is used to gather information from network systems, or configure
    them remotely. Paller said Internet providers could safely disable
    SNMP until a patch is available, but may have difficulty billing their
    customers.
    
    Depending on the flavor of SNMP, a hacker could shut down a victim's
    device or get full access to it.
    
    Microsoft systems, frequently derided for security problems, may have
    a leg up on the problem. Microsoft operating systems turn SNMP off by
    default, Lindner said. "But that doesn't mean it can't be enabled by
    some other product you could install on top of it," he added.
    
    Russ Cooper of security firm TruSecure said his company is testing a
    tool that could be used to break into computers running SNMP. He said
    the tool is "in the wild," meaning that it could be available to
    malicious hackers.
    
    Security experts were sober about the threat, with one joking that if
    a hacker took down the Internet, he wouldn't be able to brag to his
    friends that he did it.
    
    "I'm worried that it could cause some disruptions," Cooper said. "I'm
    not worried about the end of the Internet as we know it."
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 05:54:23 PST