http://www.eweek.com/article2/0,3959,1200972,00.asp By Dennis Fisher July 22, 2003 Despite fears that a flaw in the software that controls most of the routers and switches in the Internet would lead to widespread attacks and outages, security monitoring companies say they have seen little indication of that happening. The vulnerability, which affects nearly all of the routers and devices running Cisco Systems Inc.'s Internetwork Operating System software, was disclosed late last week, and a working exploit for the flaw hit the Internet Friday. Security experts and network operators worried that the ubiquity of Cisco's devices on the Internet and the easy availability of exploit code would lead to mass attacks on vulnerable routers. But none of that has come to pass yet. "It's been generally pretty quiet. The ISPs had pulled together and gotten their patches and access control lists done," said Charles Kaplan, senior director of research and MSS and information security officer at Guardent Inc., a managed security services provider based in Waltham, Mass. "We've been getting a lot of calls from clients asking for advice, but no one has been screaming. It really looks like the ISPs did their jobs." The vulnerability arises from IOS' failure to correctly handle a specific series of IPv4 packets sent to the device. When the sequence of packets hits the device, the IOS mistakenly flags the input queue on the network interface as being full. After a period of time, the device will stop processing traffic. The device can be forced to stop routing any traffic on any interface and will require a complete restart to resume normal operation. The big ISPs and network operators were among the first to know of the vulnerability. Cisco, based in San Jose, Calif., quietly informed the major Internet players on Wednesday, urging them to perform emergency upgrades on their devices. Within the next 24 hours, Cisco issued an advisory warning the public of the vulnerability and numerous security vendors and research organizations followed suit. Since then, network operators and IT staffs have been holding their collective breath, waiting to see whether crackers would start hammering on the new flaw. So far, the mad scramble to install patches seems to have worked. "It was a little scary on Wednesday when we were hearing rumors about the vulnerability but Cisco hadn't disclosed it yet," Kaplan said. "But Cisco really stepped up and took care of it." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jul 23 2003 - 02:46:46 PDT