Fundamental Flaw Threatens Entire Internet

A fundamental flaw has been discovered in TCP, and the AP is reporting that this flaw could "cripple" the entire Internet. TCP is the protocols that sits underneath all of the other protocols and technologies that makes up the Internet. In effect, it is the technology that controls/allows digital traffic to get to its destination. The new flaw that has been discovered could allow the bad guys to attack the routers that govern that digital traffic, potentially bringing down the whole shebang. From the AP report:



The flaw affecting the Internet’s "transmission control protocol," or TCP, was discovered late last year by a computer researcher in Milwaukee, Paul "Tony" Watson, 36, who said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely.


Routers continually exchange important updates about the most efficient traffic routes between large networks. Continued successful attacks against routers can cause them to go into a stand-by mode, known as "dampening," that can persist for hours.


Experts previously maintained such attacks could take between four to 142 years to succeed because they require guessing a rotating number from roughly 4 billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds.


[…]


"Any flaw to a fundamental protocol would raise significant concern and require significant attention by the folks who run the major infrastructures of the Internet," said Amit Yoran, the U.S. government’s cybersecurity chief. The new flaw has dominated discussions since last week among experts in close-knit security circles.



There is more information in the full AP report, which was published by Wired News.

The Mac Observer Spin:

You can read more about Mr. Watson at his Web site, Terrorist.net, which seemingly isn’t what it sounds like. Mr. Watson is a security researcher who works in the security business. That means he isn’t a bad guy, but he is presenting his findings at an upcoming security conference, and that means, according to quotes from him in the AP article, that anyone who is at the conference will be able to exploit this vulnerability. Let’s hope that the networking industry has figured out how to deal with it by then.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.