Fundamental Internet Flaw Revealed
from the oh-well.--time-to-log-off dept
Well, there’s a flurry of news articles being rushed online today as news comes out about a “fundamental flaw” with TCP that could allow hackers to basically screw up routers all over the world, severely impacting internet traffic. The flaw was discovered a few months back, and people have apparently been working on a fix, but the article isn’t entirely clear on whether or not important routers have really been patched, or if it’s still being worked on. Either way, the guy who discovered the flaw is set to make a presentation about it on Thursday, after which he believes just about any smart hacker should be able to exploit it and do their best to take down the internet. The news is still pretty vague otherwise about this threat, and I’m always a little skeptical about “this will bring down the internet!” style claims, so if anyone has more info about how serious (or not) this is, feel free to share. Update: As noted here it appears that we were correct in assuming the “oh no, the internet is going to fall down” predictions may have been overstated as the workarounds are perfectly reasonable.
Comments on “Fundamental Internet Flaw Revealed”
the same here
I just read the news, but nobody knows anything for sure. I hope you post something if you know more about this. I’ll do the same.
Re: the same here
Got the basic details:
Someone has figured out that it’s a lot easier, because of the window of sequence numbers that a TCP connection will accept (refer to good books on the subject for a good explanation of what that means), it’s possible to send a RST packet from a spoofed address/port and knock out a long term TCP connection if the details (source & dest IP ports and addresses) are known.
The primary example pointed out by the vulnerability discoverer is BGP, which is a major routing protocol used by many central routers. Basically a person could DoS BGP on these routers and prevent them from maintaining updated routing, which could be bad.
There are mitigating factors to the exploit, and steps that can be taken to lessen the chances of it working, but a complete “fix” will require a patch/update to how TCP works.
Re: Re: the same here
Or code updates on the Ciscos/Junipers at the core of the network… anyone else notice the amount of router reboots that have been happening lately at peer entry points? Small hint.
What If
What if a hacker managed to simultaneously bring down the internet and espresso production? Will techies start falling out of building windows a la 9/11 style?
I drove across the continent last week, I was going crazy from boredom, it was Easter Sunday (when all espresso shops were closed), so in Kearney, Nebraska (middle of the continent), I stopped at a university computer lab, where the lab administrator let me use the computer because he could sense my anguish.
Re: What If
Will techies start falling out of building windows a la 9/11 style?
Nah, we still have tons of videogames and books to hold our attention. Sometimes I WISH the internet would collapse 🙂 I might actually get some work done…
No Subject Given
This isn’t nearly as big as it seems. The common workaround for all DoS attacks still works in this case.
Block addresses that should not be coming from that direction, i.e. if 217.10.8.0 is a network off of port A on your router then you should never see any inbound traffic on any other ports with a source address on the 217.10.8.0 network. So block that network from inbound except on port A.
Also if you know that 217.10.8.0 is the only network off of port A then anything with a source that is not 217.10.8.0 coming in on port A is false. So block all inbound addresses from port A except 217.10.8.0 network.
If enough network providers did this then the packets to start this DoS attack will never make it to the router with the RST packet. It will be dropped because the source address is spoofed.
-Charles W.
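Added example, not part of the comment above: a small Python model of the two source-address filtering rules that comment describes, run over constructed sample packets. The /24 mask, the upstream port "B", the "stub" flag and the function names are assumptions made for this illustration.

```python
import ipaddress

# Assumption: the comment gives no mask for 217.10.8.0; /24 is used here.
# Port "B" and the "stub" flag are hypothetical, chosen for this example.
PORTS = {
    "A": {"networks": [ipaddress.ip_network("217.10.8.0/24")], "stub": True},
    "B": {"networks": [], "stub": False},  # upstream port, any outside source
}

def ingress_verdict(in_port, src, ports=PORTS):
    """Return (action, reason) for a packet with source `src` seen on `in_port`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if in_port not in ports:
        return ("drop", "unknown ingress port")
    # Rule 1: a source that lives behind another port must not arrive here.
    for name, cfg in ports.items():
        if name != in_port and any(addr in n for n in cfg["networks"]):
            return ("drop", f"source belongs behind port {name}")
    # Rule 2: a stub port only ever carries sources from its own networks.
    cfg = ports[in_port]
    if cfg["stub"] and not any(addr in n for n in cfg["networks"]):
        return ("drop", f"source not in networks behind port {in_port}")
    return ("accept", "source consistent with ingress port")

# Constructed sample packets: (ingress port, claimed source address)
SAMPLES = [
    ("A", "217.10.8.25"),   # legitimate host behind port A
    ("B", "217.10.8.25"),   # claims port A's network but arrives on B
    ("A", "198.51.100.7"),  # port A only has 217.10.8.0/24 behind it
    ("B", "198.51.100.7"),  # ordinary outside traffic on the upstream port
]

def run_samples():
    """Return only the actions for the constructed samples, in order."""
    return [ingress_verdict(port, src)[0] for port, src in SAMPLES]

if __name__ == "__main__":
    for port, src in SAMPLES:
        action, reason = ingress_verdict(port, src)
        print(f"port {port} src {src:<14} -> {action}: {reason}")
```

Rule 2 is applied only to ports marked as stubs, because an upstream port legitimately carries sources from anywhere.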