Sean Michael Kerner Blog
Cisco fixes massive TCP flaw

From the 'Bigger Than DNS' files:
Cisco (NASDAQ:CSCO) now has a critical patch out for its IOS operating system fixing a TCP flaw that could trigger a Denial of Service (DoS) condition. The TCP flaw is similar in nature to one that Microsoft patched as part of its September Patch Tuesday update. TCP is the core transport protocol for most web traffic and the flaw is one that is not trivial.

"By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely," Cisco warns in its advisory. "If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted."

In other words, a flaw in TCP could enable a DoS attack. According to Cisco's advisory, actually triggering the DoS requires the attacker to complete a TCP three-way handshake with a vulnerable system.

Such an attack was made simple in 2008 by way of a tool called Sockstress, which was released by Outpost24 security researchers. According to the Sockstress website, the tool is able to help security researchers test for a generic issue that affects the availability of TCP services, and the issue could be used to create a Denial of Service attack.

Why then, if a tool has been available for a year, has it taken so long for this issue to be fixed? The answer in my opinion is relatively straightforward. For better or for worse, DoS attacks are a known commodity and can usually be prevented or redirected using a number of different techniques. Yes, it's better to fix the root cause, and now both Microsoft and Cisco have done that. The reality is that, to the best of my knowledge, there has not been a widespread TCP attack exploiting this vulnerability.

Are other vendors at risk? I don't doubt it. The ability to keep open a TCP connection is also a feature that is sometimes required by streaming media services. Will other vendors issue patches? I also think that's likely over time.

Should we panic? I don't think so. DoS attacks are something that all Internet users need protections against. Eliminating root causes is the right thing to do, but sometimes the band-aid solutions work well enough too.
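One way a defender might watch for the condition the advisory describes, as an added example that is not from the original post or from Cisco: compare successive socket-table snapshots and count, per remote address, the connections that never leave their state. The sample lines are constructed in the column layout of `ss -tan`; the addresses, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample data (not real traffic), laid out like `ss -tan`:
# State Recv-Q Send-Q Local:Port Peer:Port. Keys are seconds since start.
SNAPSHOTS = {
    0: """FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40001
FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40002
FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40003
ESTAB 0 0 192.0.2.10:80 203.0.113.5:51000
ESTAB 0 0 192.0.2.10:80 203.0.113.9:52000""",
    300: """FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40001
FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40002
FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40003
ESTAB 0 0 192.0.2.10:80 203.0.113.5:51000
TIME-WAIT 0 0 192.0.2.10:80 203.0.113.9:52000""",
    600: """FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40001
FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40002
FIN-WAIT-1 0 1 192.0.2.10:80 198.51.100.7:40003
ESTAB 0 0 192.0.2.10:80 203.0.113.5:51000""",
}

def parse(snapshot):
    """Yield (state, local, peer) for each socket line in one snapshot."""
    for line in snapshot.strip().splitlines():
        state, _recvq, _sendq, local, peer = line.split()
        yield state, local, peer

def stalled_by_peer(snapshots, min_age=600):
    """Count, per peer IP, connections held in one state for >= min_age seconds."""
    seen = {}  # (local, peer) -> (state, time the connection entered that state)
    for ts in sorted(snapshots):
        current = {}
        for state, local, peer in parse(snapshots[ts]):
            prev = seen.get((local, peer))
            # Keep the original timestamp only while the state is unchanged.
            current[(local, peer)] = prev if prev and prev[0] == state else (state, ts)
        seen = current  # connections missing from this snapshot have closed
    last = max(snapshots)
    counts = defaultdict(int)
    for (_local, peer), (_state, since) in seen.items():
        if last - since >= min_age:
            counts[peer.rsplit(":", 1)[0]] += 1  # strip the port
    return dict(counts)

def suspects(snapshots, min_age=600, max_per_peer=2):
    """Peers holding more stalled connections than max_per_peer (assumed limit)."""
    stalled = stalled_by_peer(snapshots, min_age)
    return sorted(ip for ip, n in stalled.items() if n > max_per_peer)
```

Counting per peer matters because a single long-lived connection is normal, for instance for the streaming media services the post mentions; only the peer holding several stalled connections is reported.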