Updated: 6:54 p.m.*ET April* 20, 2004
WASHINGTON - Researchers uncovered a serious flaw in the underlying technology for nearly all Internet traffic, a discovery that led to an urgent and secretive international effort to prevent global disruptions of Web surfing, e-mails and instant messages.
The British government announced the vulnerability in core Internet technology on Tuesday. Left unaddressed, experts said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.
Exploitation of this vulnerability could have affected the glue that holds the Internet together, said Roger Cumming, director for Englands National Infrastructure Security Coordination Centre.
The Homeland Security Department issued its own cyberalert hours later that attacks could affect a large segment of the Internet community. It said normal Internet operations probably would resume after such attacks stopped. Experts said there were no reports of attacks using this technique.
The risk was similar to Internet users running naked through the jungle, which didnt matter until somebody released some tigers, said Paul Vixie of the Internet Systems Consortium Inc.
Its a significant risk, Vixie said. The larger Internet providers are jumping on this big time. Its really important this just gets fixed before the bad guys start exploiting it for fun and recognition.
TCP flaw lets attackers trick routers
The flaw affecting the Internets transmission control protocol, or TCP, was discovered late last year by a computer researcher in Milwaukee. Paul Watson said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely.
Experts previously said such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly 4 billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds.
Routers continually exchange important updates about the most efficient traffic routes between large networks. Continued successful attacks against routers can cause them to go into a standby mode, known as dampening, that can persist for hours.
Cisco Systems Inc., which acknowledged its popular routers were among those vulnerable, distributed software repairs and tips to otherwise protect large corporate customers. There were few steps for home users to take; Microsoft Corp. said it did not believe Windows users were too vulnerable and made no immediate plans to update its software.
Using Watsons technique to attack a computer running Windows would not be something that would be easy to do, said Steve Lipner, Microsofts director for security engineering strategy.
Already in recent weeks, some U.S. government agencies and companies operating the most important digital pipelines have fortified their own vulnerable systems because of early warnings communicated by some security organizations. The White House has expressed concerns especially about risks to crucial Internet routers because attacks against them could profoundly disrupt online traffic. [...]
