Wednesday, April 21, 2004

TCP Weakness

BugBlog mentions a new weakness discovered in TCP, one of the basic internet protocols. It seems to be a liability with certain Cisco devices. For end users, it may not mean much. There could be more DoS attacks that take down some websites and possibly net services, if their Cisco routers are attacked.

Update: My phrasing is a bit lazy. As Steve notes, this could affect more than just Cisco (should the weakness be attacked), although Cisco was mentioned a lot in the link I posted. In fact, "Systems that rely on persistent TCP connections" will be affected, and this could include many other types of systems. Some of the gory details:
The Border Gateway Protocol (BGP) is used to exchange routing information for the Internet and is primarily used by Internet Service Providers. For details about BGP, please see Cisco System's documentation on BGP.
A vulnerable situation arises due to the fact that BGP relies on persistent TCP sessions to function. Since TCP is an insecure transmission protocol, it is possible to inject TCP packets into sessions between hosts given the appropriate information. The TCP/IP Initial Sequence Number vulnerability (VU#498440) is one example of how an attacker could inject TCP packets into a session. If an attacker were to send a reset (RST) packet for example, they would cause the TCP session between two endpoints to terminate without any further communication. In the case of a BGP/TCP session, this would cause the BGP application to restart and attempt to re-establish a connection to its peers and cause a brief denial-of-service period until the routing tables could be repopulated.
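
To make the reset scenario in the quoted advisory concrete, here is an added example (not from the advisory or from this post) of the receiver-side check that decides whether an incoming RST ends a session: the classic in-window rule next to the exact-match rule later standardized in RFC 5961. The function names and the sample window size are assumptions made for illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq falls inside the receive window, modulo 2^32."""
    if rcv_wnd == 0:
        return seq == rcv_nxt  # zero window: only the next expected byte
    return (seq - rcv_nxt) % MOD < rcv_wnd

def handle_rst_classic(seq, rcv_nxt, rcv_wnd):
    """Original TCP rule: any RST whose sequence number is in the window resets."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"

def handle_rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Stricter rule: reset only on an exact match; other in-window RSTs
    get a challenge ACK and the session (e.g. a BGP peering) stays up."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge_ack"
    return "drop"

def resetting_values(handler, rcv_nxt, rcv_wnd):
    """Count sequence numbers around the window that would end the session."""
    start = (rcv_nxt - rcv_wnd) % MOD
    return sum(
        handler((start + i) % MOD, rcv_nxt, rcv_wnd) == "reset"
        for i in range(3 * rcv_wnd)
    )

if __name__ == "__main__":
    # Constructed sample state: a 16384-byte window straddling the 32-bit wrap.
    rcv_nxt, rcv_wnd = MOD - 100, 16384
    for name, handler in (("classic", handle_rst_classic),
                          ("rfc5961", handle_rst_rfc5961)):
        n = resetting_values(handler, rcv_nxt, rcv_wnd)
        print(f"{name}: {n} of {MOD} sequence numbers reset the session")
```

Under the classic rule every value in the window tears the session down, so a larger receive window means a larger set of accepted RSTs; the exact-match rule shrinks that set to a single value.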

