DENVER
— A long-known weakness in the Transmission Control Protocol,
which researchers have now shown to be far more practical to
exploit than previously assumed, could cause greater than
anticipated problems for inter-domain routing with the Border
Gateway Protocol, the Department of Homeland Security warned
this week.
In a Technical Cyber Security Alert published at its new Web site, the agency warned
that the TCP vulnerability lets a remote attacker who knows or
guesses a connection's addresses and ports inject a forged reset
whose sequence number falls inside the receiver's window, tearing
the session down. Because BGP peerings are long-lived TCP
connections on the well-known port 179 between publicly known
router addresses, they are an obvious target, and dropped
peerings could lead to widespread denial-of-service problems.
The original TCP study by Paul Watson of Milwaukee prompted
Cisco Systems Inc. to develop patches for the Internetwork
Operating System (IOS) used throughout its routers. Additional
research by Cisco and the Internet Systems Consortium showed that
a reset of the underlying TCP session forces the BGP process to
restart the peering, withdrawing and re-learning routes, so a
single forged segment can set off route flapping well beyond the
two routers involved.
Several Internet consortia have suggested the regular use of the
TCP MD5 signature option (RFC 2385), which authenticates every
segment of a BGP session with a shared secret so that a forged
reset without the key is discarded, or carrying BGP inside IPsec
tunnels, to protect both session setup and the established
session.
The agency's recommendation runs counter to the current interest
in using higher-layer security protocols such as Secure Sockets
Layer as a substitute for virtual private networks. The alert
noted that because SSL and SSH (versions 1 and 2) run above TCP,
they cannot stop a forged reset from closing the connection
beneath them; only protection at or below the transport layer,
such as IPsec at Layer 3, keeps a TCP session from being torn
down by unauthenticated segments.
The department's Computer Emergency Readiness Team (US-CERT) also
issued a separate warning Tuesday (April 20) concerning the
Simple Network Management Protocol support built into Cisco's
IOS, though the implications of the SNMP vulnerability are less
critical than the BGP/TCP problem. Cisco said it has already
identified several fixes and workarounds.