Fundamental Internet Flaw Revealed

from the oh-well.--time-to-log-off dept

Well, there’s a flurry of news articles being rushed online today as news comes out about a “fundamental flaw” with TCP that could allow hackers to basically screw up routers all over the world, severely impacting internet traffic. The flaw was discovered a few months back, and people have apparently been working on a fix, but the article isn’t entirely clear on whether or not important routers have really been patched, or if it’s still being worked on. Either way, the guy who discovered the flaw is set to make a presentation about it on Thursday, after which he believes just about any smart hacker should be able to exploit it and do their best to take down the internet. The news is still pretty vague otherwise about this threat, and I’m always a little skeptical about “this will bring down the internet!” style claims, so if anyone has more info about how serious (or not) this is, feel free to share.

Update: As noted here, it appears that we were correct in assuming the “oh no, the internet is going to fall down” predictions may have been overstated, as the workarounds are perfectly reasonable.


Comments on “Fundamental Internet Flaw Revealed”

Bakaneko says:

Re: the same here

Got the basic details:

Someone has figured out that it's a lot easier, because of the window of sequence numbers that a TCP connection will accept (refer to good books on the subject for a good explanation of what that means), it's possible to send a RST packet from a spoofed address/port and knock out a long term TCP connection if the details (source & dest IP ports and addresses) are known.

The primary example pointed out by the vulnerability discoverer is BGP, which is a major routing protocol used by many central routers. Basically a person could DoS BGP on these routers and prevent them from maintaining updated routing, which could be bad.

There are mitigating factors to the exploit, and steps that can be taken to lessen the chances of it working, but a complete “fix” will require a patch/update to how TCP works.

dorpus says:

What If

What if a hacker managed to simultaneously bring down the internet and espresso production? Will techies start falling out of building windows a la 9/11 style?

I drove across the continent last week, I was going crazy from boredom, it was Easter Sunday (when all espresso shops were closed), so in Kearney, Nebraska (middle of the continent), I stopped at a university computer lab, where the lab administrator let me use the computer because he could sense my anguish.

Charles W. says:

No Subject Given

This isn’t nearly as big as it seems. The common workaround for all DoS attacks still works in this case.

Block addresses that should not be coming from that direction. IE if is a network off of port A on your router then you should never see any inbound traffic on any other ports with a source address on the network. So block that network from inbound except on port A.

Also if you know that is the only network off of port A then anything with a source that is not coming in on port A is false. So block all inbound addresses from port A except network.

If enough network providers did this then the packets to start this DoS attack will never make it to the router with the RST packet. It will be dropped because the source address is spoofed.

-Charles W.
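The source-address filtering described in the comment above, as an added example that is not part of the original thread: a packet is accepted only if its source address is plausible for the port it arrived on, so a RST carrying a peer's address from the wrong side is dropped before it reaches the TCP session. The port names (`portA`, `portB`, `uplink`), the documentation prefixes and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (assumption): documentation prefixes stand in for the
# networks the comment leaves unnamed.
INTERFACE_NETWORKS = {
    "portA": [ipaddress.ip_network("192.0.2.0/24")],
    "portB": [ipaddress.ip_network("198.51.100.0/24")],
}
# Ports facing the rest of the internet: any source not owned locally is fine.
UPSTREAM_PORTS = {"uplink"}

def check_source(in_port, src):
    """Return (accept, reason) for a packet with source `src` arriving on `in_port`."""
    addr = ipaddress.ip_address(src)
    owner = next((p for p, nets in INTERFACE_NETWORKS.items()
                  if any(addr in n for n in nets)), None)
    if in_port in INTERFACE_NETWORKS:
        # A stub port may only source addresses from the network behind it.
        if owner == in_port:
            return True, "source belongs to this port"
        return False, "source not in the network behind this port"
    if in_port in UPSTREAM_PORTS:
        # A locally attached network must never show up as a source elsewhere.
        if owner is not None:
            return False, f"source belongs to {owner}, arrived on {in_port}"
        return True, "external source on upstream port"
    return False, "unknown ingress port"

def filter_packets(packets):
    """Split constructed (in_port, src, dst, flags) tuples into accepted and dropped."""
    accepted, dropped = [], []
    for pkt in packets:
        ok, reason = check_source(pkt[0], pkt[1])
        (accepted if ok else dropped).append((pkt, reason))
    return accepted, dropped

# Constructed sample traffic: a BGP peer at 192.0.2.10 lives behind portA.
SAMPLE = [
    ("portA", "192.0.2.10", "198.51.100.1", "ACK"),    # genuine peer traffic
    ("uplink", "192.0.2.10", "198.51.100.1", "RST"),   # peer's address, wrong side
    ("portA", "203.0.113.7", "198.51.100.1", "RST"),   # foreign source on stub port
    ("uplink", "203.0.113.7", "198.51.100.1", "SYN"),  # ordinary external traffic
]

if __name__ == "__main__":
    for pkt, reason in filter_packets(SAMPLE)[1]:
        print("DROP", pkt, "-", reason)
```

The check looks only at the source address and ingress port, never at TCP flags or sequence numbers, which is why it works as a general anti-spoofing measure rather than a fix specific to RST packets.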
