Search    in       Advanced Search
Ziff Davis Media
Already a Member? Sign In Not a member? Join Now
Home My Account Sign In


Cover: July 28, 2003

  • Try digital eWEEK!
  • Check out this issue
  • Past Issues
  • Free Subscription
  • Subscriber Help

  •   Free Online Seminars For IT Professionals
      Notebooks for the Masses!
      Navigating Your Backup & Storage Options

    Get eWEEK's
    FREE online newsletters!
    eWEEK Product Update
    eWeek Enterprise Update
    eWEEK News & Views
    Securing the Enterprise
    Peter Coffee's Enterprise IT Advantage
    eWEEK Storage Report
    Preferred e-mail format:
    Enter your e-mail:

    View All Newsletters
    Newsletters Help


    July 28, 2003
    Cisco Vulnerability in Check

    Despite fears that a flaw in the software that controls most of the routers and switches in the Internet would lead to widespread attacks and network outages, security monitoring companies said they have seen little indication of that happening.


    The vulnerability, which affects nearly all routers and devices running Cisco Systems Inc.'s IOS (Internetwork Operating System) software, was disclosed July 16, and a working exploit for the flaw hit the Internet two days later. Security experts and network operators worried that the ubiquity of Cisco's devices on the Internet and the easy availability of exploit code would lead to mass attacks on vulnerable routers.

    But none of that has come to pass yet.

    Timeline for Cisco flaw disclosure

    July 16

  • Cisco begins informing large customers of the flaw

  • Cisco's official bulletin is released

    July 18

  • Working exploit for the flaw is posted online

  • Attack activity begins but never reaches level experts feared

  • "It's been generally pretty quiet. The ISPs had pulled together and gotten their patches and access control lists done," said Charles Kaplan, senior director of research and managed security services and information security officer at Guardent Inc., a managed security services provider based in Waltham, Mass. "We've been getting a lot of calls from clients asking for advice, but no one has been screaming. It really looks like the ISPs did their jobs."

    Officials at Internet Security Systems Inc., in Atlanta, reported seeing some attack activity soon after the exploit was released. But the activity didn't reach the levels some experts had predicted.

    The vulnerability arises from IOS' failure to correctly handle some types of IPv4 packets sent to the device. When a set number of any of the types of packets hits the router, IOS mistakenly flags the input queue on the network interface as being full. After a period of time, the device stops processing traffic.

    Cisco's official advisory on the subject said the packets needed to be sent in a certain sequence. However, testing done by an independent consultant showed this to be incorrect. In fact, attack packets in any one of the four affected protocols can be used to hang a vulnerable router, according to research done by Jeffrey Sicuranza, principal consultant at Applied Methodologies Inc., a research lab based in Wantagh, N.Y. Cisco officials eventually amended their advisory to reflect Sicuranza's findings. The company also went so far as to list exactly which protocols could be used to send the offending packets to vulnerable routers, further raising fears that widespread attacks were imminent.

    The device can be forced to stop routing any traffic on any interface and requires a complete restart to resume normal operation.

    The big ISPs and network operators were among the first to know of the vulnerability. Cisco, based in San Jose, Calif., quietly told the major Internet players July 16, urging them to perform emergency upgrades on their devices. In the next 24 hours, Cisco issued an advisory warning the public of the vulnerability, and many security vendors and research organizations followed suit.

    Since then, network operators and IT staffs have been holding their breath, waiting to see if crackers attacked the new flaw. So far, the mad scramble to install patches seems to have worked.

    "It was a little scary when we were hearing rumors about the vulnerability, but Cisco hadn't disclosed it yet," Guardent's Kaplan said. "But Cisco really stepped up and took care of it."


    view more eSeminars >>

    Current Topic: Thin-Client Solutions. Brought to you by Wyse Technology Inc.


    Get the BEST PRICES on the hottest tech products in eWEEK's Tech Shop.

    More Tech Shop >>

    Ironmail - Email Security Appliance
    Ironmail is the world's first email security appliance. Designed to combat Spam & Viruses, IronMail offers the most support for security protocols. Infrastructure options include support for IMAP, LDAP, POP3, and variants of SMTP (like SMTPI and SMTPO.

    Free SSL VPN Security White Paper from Whale
    Accessing email and applications from Internet kiosks can leave behind ?footprints,? compromising confidential information. Learn about the many risks and how enterprises prevent them, so users can securely access email, files and apps from anywhere.

    Support Customers Remotely with Secure CRM Tool
    DesktopStreaming is a secure e-support solution that enables you to deliver help desk support to your remote customers or employees via shared screen, mouse and keyboard control. Access their desktop in just seconds - even over dial-up!

    AT&T-Cisco Portal Examines IP VPN Services.
    The IP VPN Portal from AT&T and Cisco Systems features numerous resources and tools, including a Webcast on how to increase productivity, lower costs and extend the power of your network.

    Anti-Spam Service for Business, Personal Domains
    Sign up and block 99% of spam by tomorrow. No gimmicks, no errors, no software, no training, no work on your part. Accurate database-driven solution does not use error-prone heuristics or algorithms. Flexible control panel, optional anti-virus.

    Get your product or service listed here.

    Email this Article
    Printer-Friendly Version

    Jason Brooks (module) Brooks: 
    Sun's Unix-License Paradox

    Reviews: Tools & UtilitiesTools & Utilities:  Vonage Refines Internet Phone Service
    Review:  Twingo Secures Systems
    Analysis:  Faster Fibre Channel on Tap

    Katt (module)Analysts' Daze
    Kattoon:  SCO's Darl McBride: The Early Years?

    Want an easy way to keep up with breaking tech news? Get eWEEK headlines delivered to your desktop with RSS.

    Recent Popular Titles:
    Protecting Networks from Attacks
    Mobile Data Security
    Inaccessible Data and Knowledge Mgmt.
    More White Papers and Reports on

  • Wireless
  • Storage
  • Security
  • CRM
  • ERP
  • VPN
  • Web Services
  • All Categories

  • eWEEK Free Subscription
    Apply now for a free subscription to the weekly print edition:
    First Name: Last Name:
    Company: Title:
    Address: City:
    State: Email:

    Sponsored Links
    Shop Now! - Dell Home Solutions Center

    Sponsored Links

    Free Monitor Upgrade w/ new Dell™ PCs. Click.

    See how storage drives continuous availability

    Dell: See how your current server configuration stacks up.

    Try the new Visual Studio .NET 2003 free for 3 hrs

    Try new Microsoft® Windows® Server 2003 free.

    DB2 information management software for an on demand era. Can you see it?

    WebSphere Software

    Tivoli Software

    Download the Ziff Davis Blades Server Report Here. Sponsored by Hewlett Packard.

    FREE HP Print Server Appliance

    FREE performance boost. Find out what you're MISSING.

    Click here for the Ziff Davis IT Zone sponsored by HP

    Customer Service | Contact Us | About | Advertise

    Ziff Davis Media:
    Home | Contact Us | Advertise | Magazine Subscriptions | Newsletters | RSS Feeds | White Papers | Tech Shop
    Baseline | CIO Insight | Computer Gaming World | Electronic Gaming Monthly | eSeminars | eWEEK
    ExtremeTech | GameNOW | Microsoft Watch | Official US PlayStation Magazine | PC Magazine
    Supersites: Security | Small Business | Storage | Wireless
    Copyright © 2000-2003 Ziff Davis Media Inc. All Rights Reserved.
    eWEEK and Spencer F. Katt are trademarks of Ziff Davis Publishing Holdings, Inc.
    Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.
    For reprint information: click here.