
Flaw Puts TCP Data Transfer At Risk

0rganism Donating Member (1000+ posts) Wed Apr-21-04 02:08 PM
Original message
Flaw Puts TCP Data Transfer At Risk
By Michael Singer

A vulnerability found in Transmission Control Protocol (TCP) could allow an attacker to shut down parts of the Internet, U.S. and U.K. officials said Tuesday in separate alerts.

The U.K. National Infrastructure Security Coordination (NISCC) said systems that rely on persistent TCP connections, for example routers supporting Border Gateway Protocol (BGP), are most at risk. The impact of this vulnerability varies by vendor and application, according to NISCC, but in some deployment scenarios it is rated critical.

TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

Engineers at Cisco Systems and the NISCC were the first to find the problem that allows remote attackers to terminate network sessions. Advisories with NISCC and the CERT Coordination Center suggest multiple uses of this type of attack could range from data corruption or session hijacking to a full denial of service condition.
... more at http://www.internetnews.com/xSP/article.php/3343161
Options Remain Donating Member (475 posts) Wed Apr-21-04 02:15 PM
Response to Original message
1. why is this news
any network tech has known this for decades.

TearForger
 
0rganism Donating Member (1000+ posts) Wed Apr-21-04 02:23 PM
Response to Reply #1
3. Good question. Why is it news now?
Edited on Wed Apr-21-04 02:23 PM by 0rganism
Why is the IETF just now getting around to trying to fix it?

Why did the Cisco guys suddenly freak out about it?

The news piece is tantamount to advertising the problem.

Maybe because Cisco's decided to fix more holes in their firmware:

Cisco warns of more critical software holes
Critical security holes affect almost every product the company makes

By Paul Roberts, IDG News Service April 21, 2004
Cisco Systems Inc. warned its customers about two critical security holes that affect almost every product the company makes. The vulnerabilities could be used by malicious hackers to create so-called "denial of service" (DoS) attacks, causing Cisco products to abruptly restart or drop active connections with other devices.
... http://www.infoworld.com/article/04/04/21/HNmoreciscoholes_1.html

If they publish these fixes in light of a panic over the basic TCP bug, maybe they don't look so irresponsible?
 
htuttle Donating Member (1000+ posts) Wed Apr-21-04 02:16 PM
Response to Original message
2. I've been trying to get a handle on this flaw since they reported it
And I'm not entirely sure it's all that 'new'.

If I'm understanding what they are all hinting at, this exploit basically relies on spoofing packets, and possibly guessing the packet 'sequence numbers' to do various 'man-in-the-middle' type attacks, like sending RST packets to each end, etc...

If this is the case, this flaw has not only been known for a very long time, but is one of the reasons behind the design of IPv6 (everybody ready to switch? Me neither...).

Here's an article Google threw at me describing how this exploit was used by Mitnick at one point in the 90's:
http://www.networkcomputing.com/unixworld/security/001.txt.html

IIRC, the quality of sequence number generation is one of the things that are looked at when a platform's security status is evaluated.

Unless I'm misunderstanding what this 'new' flaw is, I guess.
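The spoofed-RST scenario discussed in the post above comes down to how a receiver decides whether a reset is genuine. The following is an added example, not part of the thread or of any vendor's code: it contrasts the original in-window acceptance rule of RFC 793 with the exact-match rule plus challenge ACK later specified in RFC 5961. All function names are hypothetical, the window values are constructed, and a non-zero receive window is assumed.

```python
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq falls in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2^32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def handle_rst_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original rule: an RST anywhere inside the receive window is honoured."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def handle_rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened rule: only an exact match on rcv_nxt resets the connection."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        # In-window but inexact: ask the real peer to confirm instead of resetting.
        return "challenge_ack"
    return "drop"


def resetting_values(handler, rcv_nxt, rcv_wnd, margin=1000):
    """Count sequence values around the window that the handler treats as a reset."""
    count = 0
    for offset in range(-margin, rcv_wnd + margin):
        seq = (rcv_nxt + offset) % SEQ_SPACE
        if handler(seq, rcv_nxt, rcv_wnd) == "reset":
            count += 1
    return count


if __name__ == "__main__":
    # Constructed state: next expected byte sits just below the 32-bit wrap point.
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 65535
    for name, handler in (("RFC 793", handle_rst_rfc793),
                          ("RFC 5961", handle_rst_rfc5961)):
        n = resetting_values(handler, rcv_nxt, rcv_wnd)
        print(f"{name}: {n} of {SEQ_SPACE} sequence values reset the session")
```

The larger the receive window, the larger the share of the sequence space the older rule accepts, which is why long-lived sessions with big windows were singled out as most exposed.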
 
0rganism Donating Member (1000+ posts) Wed Apr-21-04 02:25 PM
Response to Reply #2
4. you're quite right, it's an old flaw getting major publicity now
I think it may be cover for Cisco to fix its own problems
cf http://www.infoworld.com/article/04/04/21/HNmoreciscoholes_1.html