Article

Update: Black Hat exploit underpins need to patch

Amy Storer, News Writer

Update -- Patching security flaws in routers, switches and other networking products is not just important, it's critical.

Network managers know this, but a computer security researcher reinforced this concept Tuesday at the Black Hat Security Conference in Las Vegas when he

    Requires Free Membership to View

revealed how an existing flaw in Cisco Systems Inc.'s Internetwork Operating Software (IOS) could be exploited using a specifically crafted IPv6 packet to take down corporate networks worldwide, or even worse, the entire Internet in a matter of seconds.

Michael Lynn resigned from his position with Internet Security Systems (ISS) two hours before his controversial presentation. Immediately following the presentation, Cisco announced that it had petitioned a California court for a cease and desist order against Lynn and conference organizers, threatening criminal charges.

Thursday Cisco and ISS agreed to a legal settlement with Lynn and conference organizer Jeff Moss, which forbids them from disseminating information about Lynn's presentation and bars Lynn from making further presentations at Black Hat, among other stipulations.

By exploiting an existing and widely known flaw, Lynn said, an automated attack against outdated or unpatched Cisco routers could bring down those systems or ultimately the Internet in its entirety.

While Lynn said, as reported by SearchSecurity.com, that these attacks could be foiled with a router firmware upgrade, he chose to proceed with the presentation despite Cisco's misgivings in order to do "what's right for the country and the national critical infrastructure."

Peter Lindstrom, an analyst at the Malvern, Pa.-based IT security research firm Spire Security LLC, said Lynn's disclosure increased the threat to organizations with unpatched devices because more people are now aware of his approach.

"Could it bring down the entire world? I don't know," Lindstrom said. "You have to believe that all the major players on the Internet have patched their systems because they understand the seriousness of the vulnerability in question."

He said vigilant enterprises should see no impact at all on their network infrastructures, but those reactively upgrading their systems are exposed to an increased level of risk.

Bob Hart, manager of network services with Kent State University, a Cisco shop based in Kent, Ohio, said he can understand both Lynn's and Cisco's concerns.

"When you're doing a presentation about vulnerabilities, I can see how demonstrating an exploit makes it effective," Hart said. "But because there are a lot of older routers out there that are susceptible, I understand why Cisco is upset."

Because the university is adamant about implementing security upgrades quickly, Hart said he's not threatened by the information leak or the possible subsequent attacks.

He added that the university patches what it can and turns off the vulnerable features if a router is too outdated to upgrade.

But for those organizations that aren't up to speed on security patches, Hart said this should serve as a major wake-up call.

Lindstrom said despite this or any future security concerns, there will always be those who neglect important security upgrades.

"This is like your mom saying, 'Look both ways before you cross the street,'" Lindstrom said. "Some kids are never going to look both ways and some network folks are never going to patch their routers."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: