Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Major Flaw Found In Cisco Routers
CERT/Cisco ^ | 07/17/2003 | CERT

Posted on 07/17/2003 6:34:36 AM PDT by zeugma

CERT has issued an alert indicating that a major flaw has been found in just about all Cisco routers. This bug will allow someone to make a router hang so that it won't accept any more packets, and cause it to need to be rebooted. The upshot of which is, internet connectivity in many places may be spotty for the next few days as these routers are patched. Worse case senerio is that someone has a variant of one of the many microsoft windows worms that can exploit this bug. This could bring large portions of the net grinding to a halt. Personally, I don't think this is likely, but merely possible in theory.

There are indications that (contrary to the CERT advisory) there are some folks out there exploiting this. Cisco has a fix and it is being distributed to folks across the world. The problem is, Cisco switches(also affected) and routers pretty much run the entire internet. It will take some time for all the routers to be patched. I expect to see the patching to start at the core and propagate out to the edge.



TOPICS: Business/Economy; Miscellaneous; News/Current Events
KEYWORDS: cisco; downtime; networkoutage
I feel for the network engineers around the world.
1 posted on 07/17/2003 6:34:36 AM PDT by zeugma
[ Post Reply | Private Reply | View Replies]

To: All
SHOW ME THE MONEY !!!


2 posted on 07/17/2003 6:35:14 AM PDT by Support Free Republic (Your support keeps Free Republic going strong!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma
What the He!! does MS have to do with CISCO's problem? (note - any opportunity to bash MS should not be missed).
3 posted on 07/17/2003 6:44:38 AM PDT by Woodman
[ Post Reply | Private Reply | To 1 | View Replies]

To: Woodman
What the He!! does MS have to do with CISCO's problem? (note - any opportunity to bash MS should not be missed).

None. However, the low-hanging fruit of the various easily explotable bugs in all microsoft software provide a ready mechanism to attack other systems. Besides, I never pass up an opporunity to bash microsoft.

4 posted on 07/17/2003 6:52:11 AM PDT by zeugma (Hate pop-up ads? Here's the fix: http://www.mozilla.org/ Now Version 1.4!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: zeugma
At least your honest about it. I was following the latest buffer overflow thread this morning and no one dared mention that similar flaws have been found in LINUX. I'm not a MS toady, but if LINUX or MAC had 80% of the market, you would be surpised by the number of exploits and flaws.
5 posted on 07/17/2003 6:59:39 AM PDT by Woodman
[ Post Reply | Private Reply | To 4 | View Replies]

To: Woodman
I'm not a MS toady, but if LINUX or MAC had 80% of the market, you would be surpised by the number of exploits and flaws.

I disagree. This is a variant of the "everyone does it" strategy that liberals use to get people to excuse deviancy.

Both Linux and the Darwin kernel underneath Mac OSX are open source. You can download them, check the actual code that handles buffers or security, and hack away at them to your heart's content. With respect to Linux, it powers enough high-profile sites that there are certainly incentives to try to hack it. Microsoft's Jim Allchin, on the other hand, testified at a federal court that Windows code cannot be safely released because it will reveal known bugs.

Yes, Microsoft is getting better. But it's popularity isn't the reason why it has a reputation for being a security problem. The fact that it's been at the heart of so many security problems is.

6 posted on 07/17/2003 11:20:41 AM PDT by Question_Assumptions
[ Post Reply | Private Reply | To 5 | View Replies]

To: zeugma
CERT is now reporting that an exploit has been published.

Roadrunner is dog slow today.

I own no Cisco gear at all, and I'm glad.

7 posted on 07/18/2003 2:24:53 PM PDT by TechJunkYard (because... so much is riding on your wires.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TechJunkYard
Yeah. I got the advisory. A bunch of morons are going to be making the network admins across the world really happy.
8 posted on 07/18/2003 5:20:21 PM PDT by zeugma (Hate pop-up ads? Here's the fix: http://www.mozilla.org/ Now Version 1.4!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Question_Assumptions
I forgot about that testimony. It was a riot! I never have understood how they can say completely different things in front of the same judge, and have no consequences come of it.
9 posted on 07/18/2003 5:22:04 PM PDT by zeugma (Hate pop-up ads? Here's the fix: http://www.mozilla.org/ Now Version 1.4!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: zeugma
This is easily remedied with a simple access list. Chances are most folks won't have to route the weird protocols that the vulnerability travels on. Filter 'em out.
10 posted on 07/18/2003 5:24:03 PM PDT by mikenola
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson