April 21, 2004

BY TED BRIDIS

WASHINGTON -- Researchers have uncovered a serious flaw in the underlying technology for nearly all Internet traffic.

The British government announced the vulnerability in core Internet technology on Tuesday.

''Exploitation of this vulnerability could have affected the glue that holds the Internet together,'' said Roger Cumming, director for England's National Infrastructure Security Coordination Centre.

The Homeland Security Department issued its own cyberalert hours later that attacks ''could affect a large segment of the Internet community.'' It said normal Internet operations probably would resume after such attacks stopped. Experts said there were no reports of attacks using this technique.

The flaw affecting the Internet's ''transmission control protocol,'' or TCP, was discovered last year by a researcher in Milwaukee. Paul Watson said he identified a method to trick personal computers and routers into shutting down electronic conversations by resetting them remotely. Routers continually exchange important updates about the most efficient traffic routes between large networks. Attacks can cause them to go into a standby mode that can persist for hours.

In recent weeks, some U.S. government agencies and companies operating the most important digital pipelines have fortified their own vulnerable systems because of early warnings. There were few steps for home users to take; Microsoft Corp. said it did not believe Windows users were too vulnerable.

On Thursday, at an Internet security conference in Vancouver, British Columbia, Watson is expected to disclose details. He predicted that hackers would understand how to launch attacks ''within five minutes of walking out of that meeting.''

AP