Fundamental Internet Flaw Revealed

from the oh-well.--time-to-log-off dept

Well, there's a flurry of news articles being rushed online today as news comes out about a "fundamental flaw" in TCP that could allow hackers to basically screw up routers all over the world, severely impacting internet traffic. The flaw was discovered a few months back, and people have apparently been working on a fix, but the article isn't entirely clear on whether or not important routers have really been patched, or if it's still being worked on. Either way, the guy who discovered the flaw is set to give a presentation about it on Thursday, after which he believes just about any smart hacker should be able to exploit it and do their best to take down the internet. The news is still pretty vague otherwise about this threat, and I'm always a little skeptical about "this will bring down the internet!" style claims, so if anyone has more info about how serious (or not) this is, feel free to share.

Update: As noted here, it appears we were correct in assuming the "oh no, the internet is going to fall down" predictions may have been overstated, as the workarounds are perfectly reasonable.



Reader Comments



  • fhreak, 20 Apr 2004 @ 12:33pm

    the same here

    i just read the news, but nobody knows anything for sure.. i hope you post something if you know more about this. i'll do the same.


    • Bakaneko, 20 Apr 2004 @ 1:28pm

      Re: the same here

      Got the basic details:

      Someone has figured out that, because of the window of sequence numbers that a TCP connection will accept (refer to good books on the subject for a good explanation of what that means), it's a lot easier than expected to send an RST packet from a spoofed address/port and knock out a long-term TCP connection if the details (source & destination IP addresses and ports) are known.

      The primary example pointed out by the vulnerability discoverer is BGP, which is a major routing protocol used by many central routers. Basically a person could DoS BGP on these routers and prevent them from maintaining updated routing, which could be bad.

      There are mitigating factors to the exploit, and steps that can be taken to lessen the chances of it working, but a complete "fix" will require a patch/update to how TCP works.


      • Nate, 20 Apr 2004 @ 2:01pm

        Re: the same here

        Or code updates on the Ciscos/Junipers at the core of the network... anyone else notice the amount of router reboots that have been happening lately at peer entry points? Small hint.

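Bakaneko's comment above turns on one detail: under the original TCP rules, a RST is honoured if its sequence number lands anywhere inside the receiver's window, not only at the exact next expected value. The model below is an added example, not code from this post or its commenters. It contrasts that classic RFC 793 rule with the tightened rule later standardised in RFC 5961 (not mentioned on the page), where a RST aborts the connection only on an exact match and other in-window RSTs get a "challenge ACK" that a genuine peer can answer. The connection state and segment values are constructed for illustration.

```python
"""How a TCP endpoint decides whether to honour an incoming RST segment.

Added example; not code from the Techdirt post or its commenters. It contrasts
the classic RFC 793 rule that Bakaneko's comment describes (any RST whose
sequence number lands inside the receive window aborts the connection) with
the tightened rule later standardised in RFC 5961, which aborts only on an
exact match of the next expected sequence number and answers other in-window
RSTs with a "challenge ACK" that a genuine peer can respond to. Connection
state and segment values below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap modulo 2^32


@dataclass
class Connection:
    rcv_nxt: int  # next sequence number this side expects to receive
    rcv_wnd: int  # receive window this side currently advertises


def in_window(seq: int, conn: Connection) -> bool:
    """True if seq lies in [RCV.NXT, RCV.NXT + RCV.WND), computed modulo 2^32."""
    return (seq - conn.rcv_nxt) % SEQ_SPACE < conn.rcv_wnd


def rfc793_rst_action(seq: int, conn: Connection) -> str:
    """Classic rule: every in-window RST tears the connection down."""
    return "abort" if in_window(seq, conn) else "drop"


def rfc5961_rst_action(seq: int, conn: Connection) -> str:
    """Hardened rule: abort on exact match, challenge other in-window RSTs, drop the rest."""
    if seq == conn.rcv_nxt:
        return "abort"
    if in_window(seq, conn):
        return "challenge_ack"  # a peer that really sent a RST retries with the exact SEQ
    return "drop"


Rule = Callable[[int, Connection], str]


def abort_count(conn: Connection, rule: Rule, margin: int = 8) -> int:
    """Number of distinct sequence numbers for which `rule` aborts `conn`.

    Scans the receive window plus `margin` values on either side (so the
    out-of-window edges are exercised); both rules drop everything else.
    """
    total = 0
    for offset in range(-margin, conn.rcv_wnd + margin):
        seq = (conn.rcv_nxt + offset) % SEQ_SPACE
        if rule(seq, conn) == "abort":
            total += 1
    return total


def main() -> None:
    # Constructed state: a long-lived session advertising a 64 KiB window.
    conn = Connection(rcv_nxt=1_000, rcv_wnd=65_535)
    for name, rule in (("RFC 793", rfc793_rst_action), ("RFC 5961", rfc5961_rst_action)):
        print(f"{name:9s} aborts on {abort_count(conn, rule)} of {SEQ_SPACE} sequence numbers")
    # Wrap-around case: RCV.NXT near the top of the sequence space.
    wrap = Connection(rcv_nxt=SEQ_SPACE - 10, rcv_wnd=100)
    print("seq=5 near wrap:", rfc793_rst_action(5, wrap), "/", rfc5961_rst_action(5, wrap))


if __name__ == "__main__":
    main()
```

The point of `abort_count` is the defender's view of the two rules: with a 64 KiB window the classic rule accepts 65,535 different sequence numbers, the hardened rule exactly one, which is why the larger windows of long-lived sessions such as BGP peerings made the 2004 issue worse and why the challenge-ACK rule (alongside TCP MD5 signing of BGP sessions) closes it.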

  • dorpus, 20 Apr 2004 @ 1:20pm

    What If

    What if a hacker managed to simultaneously bring down the internet and espresso production? Will techies start falling out of building windows a la 9/11 style?

    I drove across the continent last week and was going crazy from boredom; it was Easter Sunday (when all the espresso shops were closed), so in Kearney, Nebraska (middle of the continent), I stopped at a university computer lab, where the lab administrator let me use a computer because he could sense my anguish.



    • thecaptain, 21 Apr 2004 @ 6:17am

      Re: What If

      Will techies start falling out of building windows a la 9/11 style?
      Nah, we still have tons of videogames and books to hold our attention. Sometimes I WISH the internet would collapse :) I might actually get some work done...


  • Charles W., 21 Apr 2004 @ 9:05am

    No Subject Given

    This isn't nearly as big as it seems. The common work around for all DoS attacks still works in this case.

    Block addresses that should not be coming from that direction. I.e., if 217.10.8.0 is a network off port A on your router, then you should never see any inbound traffic on any other port with a source address on the 217.10.8.0 network. So block that network from inbound except on port A.

    Also, if you know that 217.10.8.0 is the only network off port A, then anything with a source that is not 217.10.8.0 coming in on port A is false. So block all inbound addresses from port A except the 217.10.8.0 network.

    If enough network providers did this, then the packets to start this DoS attack would never make it to the router; the RST packet would be dropped because its source address is spoofed.

    -Charles W.

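Charles W.'s two rules are the source-address validation later written up as BCP 38 (RFC 2827): drop a packet whose source belongs behind a different port, and, on a port whose attached networks are all known, drop any source outside them. The following is an added example that models those rules, not the commenter's or Techdirt's code. The port map and packets are constructed; 217.10.8.0 is the commenter's example network (assumed here to be a /24, since no mask is given), the other prefixes are RFC 5737 documentation ranges, and "UPLINK" stands for a transit port whose attached networks are not enumerated.

```python
"""Per-port anti-spoofing filter of the kind Charles W. describes.

Added example; not the commenter's or Techdirt's code. A router keeps a table
of which networks sit behind each of its ports. A packet is dropped when its
source address belongs to a network that lives behind some other port (it
"should not be coming from that direction"), and a port whose attached
networks are all known additionally drops any source outside them. This is
the source-address validation later written up as BCP 38 (RFC 2827). The
port map and packets are constructed; 217.10.8.0 is the commenter's example
network (assumed here to be a /24), the other prefixes are RFC 5737
documentation ranges.
"""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed port map: port name -> networks directly attached behind it.
# An empty list means "transit link, attached networks not enumerated".
PORT_NETWORKS: Dict[str, List[IPv4Network]] = {
    "A": [ip_network("217.10.8.0/24")],
    "B": [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")],
    "UPLINK": [],
}


def home_port(src: str, port_networks=PORT_NETWORKS) -> Optional[str]:
    """Port behind which `src` is known to live, or None if it is not in the table."""
    addr = ip_address(src)
    for port, nets in port_networks.items():
        if any(addr in net for net in nets):
            return port
    return None


def filter_packet(src: str, in_port: str, port_networks=PORT_NETWORKS) -> Tuple[str, str]:
    """Return ("drop" | "forward", reason) for a packet with source `src` arriving on `in_port`."""
    expected = home_port(src, port_networks)
    # Rule 1: a source that belongs behind port X must never arrive on any other port.
    if expected is not None and expected != in_port:
        return "drop", f"{src} belongs behind port {expected}, arrived on {in_port}"
    # Rule 2: a port with a fully known attached set carries only those sources.
    if port_networks[in_port] and expected != in_port:
        return "drop", f"{src} is not behind port {in_port}"
    return "forward", "source address consistent with ingress port"


def main() -> None:
    # Constructed packets: (source address, ingress port).
    samples = [
        ("217.10.8.5", "A"),        # customer traffic on its own port
        ("217.10.8.5", "UPLINK"),   # customer's address arriving from outside: spoofed
        ("198.51.100.9", "A"),      # someone behind A claiming a B address: spoofed
        ("192.0.2.7", "UPLINK"),    # unknown remote source on the transit link: allowed
        ("192.0.2.7", "A"),         # unknown source on a fully mapped port: spoofed
    ]
    for src, port in samples:
        action, reason = filter_packet(src, port)
        print(f"{src:14s} via {port:6s} -> {action:7s} ({reason})")


if __name__ == "__main__":
    main()
```

Note the asymmetry the commenter relies on: the transit port cannot apply rule 2 (its sources are the whole internet), so a spoofed RST that is already on the transit side is only stopped if the provider nearest its true origin applied the rules. That is why the comment says it takes "enough network providers" doing this, not just the router in front of the BGP speaker.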

