Optical/IP Networks

Internet Security Scare

Potentially one of the largest Internet security holes was discovered today by a group of computer scientists in Finland.

The Oulu University Secure Programming Group has found a hole in Simple Network Management Protocol (SNMP) through which hackers can launch denial-of-service attacks.

The CERT Coordination Center, a security research center at Carnegie Mellon University in the United States, issued an advisory on the security hole at 3:20 PM today. According to the CERT Alert, this security hole is likely to affect a large amount of the networking gear in use. Most vendors were already scrambling to provide customers with software patches as we write. Cisco Systems Inc. (Nasdaq: CSCO) has also issued its own security alert, saying the loophole could affect most of Cisco's switching and routing product families.

The CERT alert states that numerous vulnerabilities have been reported in multiple vendors' SNMP implementations. Specifically, these vulnerabilities could allow unauthorized privileged access or denial-of-service attacks (which occur when networking devices are flooded with millions of incoming packets), or cause unstable behavior.

SNMP is a widely deployed protocol that is commonly used to monitor and manage network devices. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts, according to CERT.

Some experts believe that these vulnerabilities could cause serious problems. Greg Shipley, chief technology officer at security firm Neohapsis, says there is no way to know how much damage could be caused through these security loopholes, but he says they must be taken seriously.

"The implications are substantial, simply because of the number of products that this affects," he says. "The other thing is, in a complex situation like this, the first hole is usually just the tip of the iceberg."

CERT/CC recommends that service providers disable SNMP and turn on several different filtering mechanisms on products for additional protection, until the problem can be resolved.

According to an unconfirmed report, WorldCom Inc.'s (Nasdaq: WCOM) UUNet, one of the largest Internet service providers in the world, has already seen interruptions in its backbone network, though it's unclear whether this is related to the SNMP security hole.

Products from most of the major networking companies are listed in the advisory as being affected. These include gear from 3Com Corp. (Nasdaq: COMS), Cisco, Enterasys Networks Inc. (NYSE: ETS), Hewlett-Packard Co. (NYSE: HWP), Juniper Networks Inc. (Nasdaq: JNPR), Lucent Technologies Inc. (NYSE: LU), Marconi PLC (Nasdaq/London: MONI), Nortel Networks Corp. (NYSE/Toronto: NT), and Redback Networks Inc. (Nasdaq: RBAK), to name a few.

We'll provide more information as it becomes available.

--R. Scott Raynovich, US Editor, and Marguerite Reardon, Senior Editor, Light Reading
