Fundamental Internet Flaw Revealed
from the oh-well.--time-to-log-off dept
Well, there's a flurry of news article being rushed online today as news comes out about a "fundamental flaw" with TCP that could allow hackers to basically screw up routers all over the world, severely impacting internet traffic. The flaw was discovered a few months back, and people have apparently been working on a fix, but the article isn't entirely clear on whether or not important routers have really been patched, or if it's still being worked on. Either way, the guy who discovered the flaw is set to make a presentation about it on Thursday, after which he believes just about any smart hacker should be able to exploit it and do their best to take down the internet. The news is still pretty vague otherwise about this threat, and I'm always a little skeptical about "this will bring down the internet!" style claims, so if anyone has more info about how serious (or not) this is, feel free to share. Update: As noted here it appears that we were correct in assuming the "oh no, the internet is going to fall down" predictions may have been overstated as the workarounds are perfectly reasonable.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
the same here
[ link to this | view in chronology ]
Re: the same here
Someone has figured out that its a lot easier, because of the window of sequence numbers that a TCP connection will accept (refer to good books on the subject for a good explanation of what that means), its possible to send a RST packet from a spoofed address/port and knock out a long term TCP connection if the details (source & dest IP ports and addresses) are known.
The primary example pointed out by the vulnerability discoverer is BGP, which is a major routing protocol used by many central routers. Basically a person could DoS BGP on these routers and prevent them from maintaining updated routing, which could be bad.
There are mitigating factors to the exploit, and steps that can be taken to lessen the chances of it working, but a complete "fix" will require a patch/update to how TCP works.
[ link to this | view in chronology ]
Re: the same here
[ link to this | view in chronology ]
What If
I drove across the continent last week, I was going crazy from boredom, it was Easter Sunday (when all espresso shops were closed), so in Kearney, Nebraska (middle of the continent), I stopped at a university computer lab, where the lab administrator let me use the computer because he could sense my anguish.
[ link to this | view in chronology ]
Re: What If
Nah, we still have tons of videogames and books to hold our attention. Sometimes I WISH the internet would collapse :) I might actually get some work done...
[ link to this | view in chronology ]
No Subject Given
Block address that should not be coming from that direction. IE if 217.10.8.0 is a network off of port A on your router then you should never see any inbound trafic on any other ports with a source address on the 217.10.8.0 network. So block that network from inbound except on port A.
Also if you know that 217.10.8.0 is the only network off of port A then anything with a source that is not 217.10.8.0 coming in on port A is false. So block all inbound addresses from port A except 217.10.8.0 network.
If enough network providers did this then the packets to start this DoS attack will never make it to the router with the RST packet. It will be dropped because the source address is spoofed.
-Charles W.
[ link to this | view in chronology ]