Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

TCP Vulnerable, But Net Won't Go Down

A flaw in the basic TCP protocol used to transmit data across the Internet quickly seized the attention of security professionals Tuesday as various government agencies and security firms posted alerts warning that an exploit could let attackers to shut down connections between servers and routers.

Experts said the vulnerability poses a serious threat, which could possibly disrupt portions of the Net, or more likely impact enterprise networks. But they also urged end users and IT security pros to remain calm.

"The Internet isn't going down tonight," promised Chris Rouland, the vice president of Internet Security Systems' X-Force threat group. "Internet infrastructure providers have been given plenty of advance notice, and have taken additional security precautions so that not just anyone can connect to them and authenticate. That's mitigated a lot of the risk.

"But even the largest companies haven't had this advance notice, and may have some work to do tonight."

According to advisories posted by the United Kingdom's National Infrastructure Security Co-ordination Centre (NISCC) and the U.S. Computer Emergency Readiness Team (US-CERT), TCP -- the Transmission Control Protocol -- contains "a vulnerability which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition...and portions of the Internet community may be affected."

  • 1