Free Republic

Milwaukee expert uncovers serious Web vulnerability
JS ONLINE ^ | April 20, 2004 | ADAM BERGSTROM

Posted on 04/20/2004 9:55:08 PM PDT by Hillarys Gate Cult

A Milwaukee computer security expert's research has helped discover a potential for serious Internet traffic-flow vulnerabilities.

Left unchecked, hackers could disrupt Web surfing, e-mail and other forms of electronic communication.

Paul Watson, who works for Rockwell Automation's Information Security Group, has been working with the British government's National Infrastructure Security Coordination Centre.

The organization released information Tuesday addressing flaws that could allow hackers to knock computers off-line and disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.

"It's a vulnerability that everyone has known about but never really talked about," Watson, 35, said in an interview.

The flaw affects the Internet's "transmission control protocol." Watson said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely.

Previously, experts said such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly four billion possible combinations.

Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds.

"Exploitation of this vulnerability could have affected the glue that holds the Internet together," said Roger Cumming, director of the National Infrastructure Security Coordination Centre.

In the United States, the Department of Homeland Security issued its own cyber-alert hours later, warning that attacks "could affect a large segment of the Internet community." It said normal Internet operations probably would resume after such attacks stopped. Experts said there were no reports of attacks using this technique.

Routers continually exchange important updates about the most efficient traffic routes between large networks.

Continued successful attacks against routers can cause them to go into a standby mode, known as "dampening," that can persist for hours.

Watson began his research after attending a conference where he heard experts from Cisco Systems Inc. say it wouldn't be practical to use this method to attack Internet traffic flow.

"I didn't agree on one of the issues they covered," Watson said. "So I went outside to the pool and began doing my own research."

Watson completed his research in November. He sent it to the two men from Cisco Systems who gave the presentation, seeking their input.

"They said to me, 'Wow, we really dropped the ball on this one,' " Watson said. "Cisco contacted me immediately and asked if they could do more research to corroborate the results."

Watson and Cisco Systems contacted the Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh, a group that works with manufacturers of Internet equipment on security matters. When the team didn't respond to the request, Watson and Cisco went across the Atlantic and called on the British officials.

"They got back to us immediately," Watson said.

Since then, the group has been feverishly working with more than 150 Internet equipment companies to fix the problems before Watson presents his findings at the annual CanSecWest Internet security conference in Vancouver, British Columbia, on Thursday.

Watson predicted that hackers would understand how to begin launching attacks "within five minutes of walking out of that meeting."


TOPICS: Extended News; News/Current Events; Technical
KEYWORDS: flaws; hackers; tcp; webcrash

Just heard this on ABC radio news. Hope nobody gets hit with this.

Here's another article that goes into more detail:

TCP Vulnerable, But Net Won't Go Down

1 posted on 04/20/2004 9:55:10 PM PDT by Hillarys Gate Cult

To: Hillarys Gate Cult
A related FR post is here. Slashdot discussion is here.

This post on Slashdot indicates that the major backbone providers have known about this for a week or so, in order to get their ducks in a row. It looks like this mostly affects routers running BGP, so it doesn't impact end-users directly, but it could cause a slowdown in the network that might affect all of us, if exploited.

2 posted on 04/21/2004 6:55:51 AM PDT by TechJunkYard

To: TechJunkYard
The odds of a successful exploit are pretty low, though.
3 posted on 04/21/2004 9:33:06 PM PDT by Bush2000

To: Bush2000
Agreed. It's just been released. I hear DHS requested the embargo, and that is driving most of the hype.
4 posted on 04/22/2004 5:52:36 AM PDT by TechJunkYard

To: Bush2000
Whoops, I should clarify that. The details have just been released... no exploit (yet).
5 posted on 04/22/2004 6:04:50 AM PDT by TechJunkYard

To: Hillarys Gate Cult

There was life before the internet.


6 posted on 07/14/2004 7:41:05 AM PDT by joesnuffy (Moderate Islam Is For Dilettantes)
