Domain Registration Related News
Secret Repairs Preceded TCP Flaw Release
April 2004
Only the math had changed. But the emergence of
a workable exploit for an old TCP security hole
prompted a secret initiative to fix the
Internet, giving network operators a week to
secure vulnerable routers. The clandestine
repair effort livened an already intense period
for security pros already juggling a bevy of
Windows security patches.
The TCP issue publicized yesterday was publicly
known as early as 1998. It allows an attacker to
reset an existing TCP session using specially
crafted TCP packets. Most TCP sessions are
short-lived, so the vulnerability has little
impact, but certain critical protocols, such as
Border Gateway Protocol (BGP), depend on
long-lived sessions. The weakness, which affects
widely-used Cisco and Juniper routers, can be
addressed by using MD5 authentication to secure
BGP sessions, a step most ISPs had never taken
because an exploit seemed mathematically
implausible.
Paul Watson came up with a more efficient way of
exploiting the vulnerability, making the attack
much faster, particularly for attackers
controlling "bot networks" of compromised
machines. The clock began ticking March 14, when
Watson announced plans to present a paper on
"specific security problems in the TCP protocol"
at the CanSecWest conference on April 21.
Watson shared his plans with government computer
security officials in the US and UK, who
coordinated a response with vendors and major
network operators. "We have known about the
fixes for about a week and implemented them last
weekend," said Bill Hancock, Chief Security
Officer for Savvis Communications, which
operates the former Cable & Wireless US network
backbone. Communication was handled through
back-channels established in February 2001 to
deploy patches for the SNMP protocol, Hancock
said.
|