Security Flaw Warning Prompts Fixes
April 22, 2004 -- (WEB HOST INDUSTRY
REVIEW) -- According to a report by research and
analysis firm Netcraft (netcraft.com), a
more advanced way of exploiting an old transmission
control protocol (TCP) security hole has emerged,
developed by Paul Watson, a security professional. The
flaw would allow an attacker to reset an existing TCP
session using specially crafted TCP packets.
Netcraft says most TCP sessions are
short-lived, so the vulnerability had little impact,
though certain critical protocols, such as Border
Gateway Protocol (BGP), depend on long-lived sessions.
Netcraft said the weakness can be addressed by using MD5
authentication to secure BGP sessions, a step most
Internet service providers never take because an exploit
seemed mathematically implausible.
Watson's exploit, however, makes attacking
the vulnerability much faster, especially for
attackers controlling "bot networks" of compromised
machines.
Watson announced plans on March 14 to
present a paper about his findings at the CanSecWest
conference, held yesterday. Prior to the presentation,
Watson had shared his plans with government security
officials in the US and the UK, who organized a response
with major vendors such as Savvis. Bill Hancock, chief
security officer for Savvis, said in the report that his
company implemented fixes for the holes last weekend. The
fixes were based on the information Watson passed along,
Hancock said.