This is G o o g l e's cache of as retrieved on Apr 23, 2004 10:43:42 GMT.
G o o g l e's cache is the snapshot that we took of the page as we crawled the web.
The page may have changed since that time. Click here for the current page without highlighting.
This cached page may reference images which are no longer available. Click here for the cached text only.
To link to or bookmark this page, use the following url:

Google is not affiliated with the authors of this page nor responsible for its content.
These search terms have been highlighted: jeffrey guilfoyle solutionary 

Skip to main content
The Web     
enhanced by Google

Report: Flaw could shut down Internet traffic

Researcher exposes router vulnerability

Tuesday, April 20, 2004 Posted: 11:09 PM EDT (0309 GMT)

Story Tools
Save a link to this article and return to it at www.savethis.comSave a link to this article and return to it at  Email a link to this articleEmail a link to this article  
Printer-friendly version of this articlePrinter-friendly version of this article  View a list of the most popular articles on our siteView a list of the most popular articles on our site  

Computer Security
Computer Networking

(CNN) -- Major companies and government agencies are scrambling to ensure they are not vulnerable to an Internet flaw that would allow attacks that could disrupt all communication.

The Department of Homeland Security issued a Technical Cyber Security Alert Tuesday, warning that "sustained attacks" on routers between networks could lead to a "denial-of-service condition that could affect a large segment of the Internet community."

However, the alert also said that normal operations would likely resume shortly after the end of the attack, according to the agency.

The flaw is not new, but it was thought too difficult to exploit until researcher Paul Watson reported finding a way remote attackers could terminate network sessions. He detailed how in his paper "Slipping in the Window: TCP Reset Attacks."

Paul Vixie, president of Internet Systems Consortium Inc., compared the risk to Internet users "running naked through the jungle, which didn't matter until somebody released some tigers," The Associated Press reported.

"It's a significant risk," Vixie told AP. "The larger Internet providers are jumping on this big time. It's really important this just gets fixed before the bad guys start exploiting it for fun and recognition."

More typical denial-of-service attacks involved large numbers of computers sending huge amounts of data to routers and overwhelming them.

Watson's paper showed how an attacker could insert data and trick routers into shutting down network sessions, disrupting a network's communication.

Internet connections between computers are like telephone conversations, explained Jeffrey Guilfoyle, senior security expert at Solutionary Inc. If someone intercepts a call, they could potentially force it to disconnect. A similar situation applies online. In this case, an attacker would need to know specific computer Internet addresses in order to trick the systems into shutting down by resetting them remotely.

It all falls under the realm of "transmission control protocol," or TCP, which works in the background, sort of like traffic laws, to keep Internet data running smoothly.

And while it could be argued there is a flaw in the TCP programming, there is no hole that needs to be patched, such as with a worm or virus, Guilfoyle said.

But security experts believed it would take many years to try the millions of combinations necessary to launch a successful attack. The techniques in Watson's paper suggest it could be accomplished in minutes using only a handful of the combinations.

Guilfoyle said a nefarious hacker would still have to go after a bigger connection that's online for a long period of time, such as a large-scale router.

Routers act like doormen in that they "decide" how Internet traffic gets received and sent by using specific instructions in the TCP.

Many major companies and government agencies should have the necessary protections in place already, said government cybersecurity "czar" Amit Yoran: "The fact of the matter is that ... people who have been concerned about the security of their routers are not susceptible."

"The sky is not falling, and many of the core providers are already on top of this. I don't think ... that we'll see any type of large Internet outage and disruption."

Yoran stressed that home users would not likely encounter any side effects of the flaw. He said this is related mainly to networking, service providers and corporations. Hackers will also need some time to digest this information and plan an effective attack, meaning more problems could arise in the future, he cautioned.

"In my personal opinion, it's highly unlikely that someone surfing the Web tomorrow, who sees a Web site inaccessible ... it's highly unlikely that it's related to today's alert. More likely that time will be required for efficient exploits, for criminals to take advantage of this type of research."

Yoran also said the Department of Homeland Security has been in contact with various international groups and agencies to mitigate the hazard.

Copyright 2004 CNN. All rights reserved.This material may not be published, broadcast, rewritten, or redistributed. Associated Press contributed to this report.

Story Tools
Save a link to this article and return to it at www.savethis.comSave a link to this article and return to it at
Printer-friendly version of this articlePrinter-friendly version of this article
Email a link to this articleEmail a link to this article
View a list of the most popular articles on our siteView a list of the most popular articles on our site
Click Here to try 4 Free Trial Issues of Time! cover
Top Stories
Hard disk 'speed limit' found
Top Stories
'Time running out' in Fallujah, coalition warns


International Edition
CNN TV CNN International Headline News Transcripts Preferences About
   The Web     
enhanced by Google
2004 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.
external link
All external sites will open in a new browser. does not endorse external sites.
 Premium content icon Denotes premium content.