SAN JOSE, Calif. (AP) – Hackers attempted Friday to bring down network routing gear by exploiting a flaw in Cisco Systems equipment that carries the bulk of the world’s Internet traffic.

There were no immediate reports of outages or slowdowns, suggesting that network administrators heeded Cisco’s warnings about the flaw and implemented workarounds or installed the free patch.

“Cisco is aware that there have been isolated incidences of attempts to exploit the vulnerability,” company spokesman Jim Brady said Friday. “We have no confirmation of any networks being impacted. There are no reports of any successful attacks.”

Security researchers, however, warned that the snippet of software code that takes advantage of the flaw has been available for a short time and hackers may just be trying it out before mounting major attacks. Cisco first publicly warned of the flaw in its Internetwork Operating System software on Thursday.

Dan Ingevaldson, engineering manager for ISS’ X-Force research development group, said the software code was created to cause damage. “We presume hackers went to work as soon as they heard about it.”

Internet security companies boosted their threat assessment levels, and government agencies also repeated warnings.

“It poses a great danger simply because there’s such a large number of networks that are running on this hardware,” said Oliver Friedrichs, a senior manager at Symantec Security Response.

The FBI was monitoring the situation and plans to investigate, said spokesman Bill Murray, who works with the FBI’s Cybercrimes Division at the agency’s Washington headquarters.

According to Cisco’s alert, the vulnerability is exploited by sending a “rare sequence” of data packets to a device running IOS, the equivalent of Windows for routers and switches. It causes the device to stop processing traffic once its incoming queue is full.

Brady said Cisco discovered the flaw through internal testing. Attacks do not trigger alarms and can be repeated until the device is totally inaccessible and must be manually rebooted.

Because the flaw can be exploited just by sending a few packets of data, it is difficult to track. The hacker payload that can cripple routers and switches that run IOS could easily be combined with computer viruses or worms to turn desktop computers into launching pads for widespread attacks.

“It’s so little traffic that it’s really hard at an aggregate level to pick out where the shots are coming from,” said Paul Robertson, director of risk assessment at the security firm TruSecure.

An unusually high number of emergency maintenance outages have been scheduled by Internet carriers and providers since Tuesday, Ingevaldson said.

Robertson said Cisco gave the free patch to the largest service providers even before publicly announcing the vulnerability.



On the Net:

Cisco: http://www.cisco.com

AP-ES-07-18-03 1738EDT

