Routers Rebuff Hacker Attacks
On Friday, CERT, the Computer Emergency Response Team at Carnegie Mellon University, warned that hackers would likely use the information to launch attacks (see CERT Advisory CA-2003-17).
"What we've found in the past, is that a publicly available piece of malicious code usually generates more attempts to exploit the vulnerability," says Shawn Hernan, senior member of the technology staff at CERT. "So far we have seen several attempts, but no reports that anyone has suffered harm." Posters on the North American Network Operators' Group (NANOG) mailing list also said they had seen increased denial-of-service attempts, some of which seemed to be launched by amateurs. But no one had reported any successful attacks.
Cisco is aware of the published vulnerability description. It warned customers on its Website early Friday. But the company contends that their customers have not experienced any widespread attacks as of yet.
“Cisco is aware that there have been isolated incidents of attempts to exploit the vulnerability,” says Robert Barlow, a company spokesman. “But we have no confirmation of any networks being impacted, and there are no reports of successful network attacks.” AT&T Corp. (NYSE: T) and Qwest Communications International Inc. (NYSE: Q), two major service providers using Cisco routers, also say they have not experienced any attacks.
“We’ve heard these rumors, too,” says Dave Johnson, an AT&T spokesman. “But we have seen no evidence of any successful attacks against the AT&T network.”
Hernan attributes the lack of attacks to efforts of Cisco and its service providers to prevent them. Carriers throughout the world have been implementing access control lists and software patches to routers since they were notified of the bug on Tuesday.
Some companies seem to be trying to capitalized on the heightened security alert. For example, a spokesman for Internet Security Systems Inc. (Nasdaq: ISSX), a security company, has been quoted in several news reports stating that the company had received several reports from Internet service providers that their routers were being attacked. The spokesman also said its customers had been seeing unusually large amounts of traffic using packet sequences that could be used to exploit the Cisco flaw.
“I think ISS is doing some self-promotion here,” says Zeus Kerravala, vice president, Yankee Group. “The flaw that was found isn’t earth shattering. It was a software bug. And it wasn’t discovered by AT&T’s network going down. Cisco found it internally and has dedicated a lot of resources to fixing the problem.”
ISS was not available for comment by press time.
But CERT's Hernan says there are legitimate reasons to be concerned. He views the vulnerabilities discovered in the Cisco routers to be serious.
"The death of the Internet is not imminent," he says. "But we aren't out of the woods yet. It's a little too early to claim that the bad news is over. We'll be watching the situation very closely."
— Marguerite Reardon, Senior Editor, Light Reading