Version: 2008
  • On GameSpot: So-called 'Halo killer' gets 23 to life

July 16, 2003 3:52 PM PDT

ISPs rush to fix Cisco flaw

By Robert Lemos
Staff Writer, CNET News

  • Post a comment
Related Stories

Taking aim at denial-of-service attacks

 May 13, 2003

Bush unveils final cybersecurity plan

 February 14, 2003

Damage control

 February 6, 2003

Flaws in common software threaten Net

 February 12, 2002
Internet service providers are vulnerable to a flaw in Cisco routers that could cause some Web sites and servers to become inaccessible, according to a major telecommunications company and network administrators familiar with the issue.

While details of the flaw are unclear, it is apparently widespread and affects much of the network infrastructure used by the major Internet service providers, CNET News.com learned Wednesday. Cisco is a major provider of network switches and routers used to direct data across the Internet.

Cisco could not immediately comment, but telecommunications provider Sprint confirmed that there is a problem.

"Sprint is aware of the issue regarding Cisco," said spokesman Charles Fleckenstein, reading from a statement. "Modifications are being performed on the Sprint Internet backbone, and customers should have no concerns regarding an interruption of service in regards to Sprint."

The flaw could be used by an attacker to crash a router, clogging the Internet's communications channels, sources said. Due to the vulnerability's nature, the router won't appear to be down, said one network expert familiar with the flaw. The router would have to be restarted or reset to make it operational.

While Fleckenstein couldn't confirm the details of the flaw, he stressed that network outages elsewhere on the Internet could affect its customers' connections and their ability to reach Web sites.

"While the appropriate measures are being taken to protect the Sprint Internet backbone, issues may arise with traffic that is handed off to other carriers, if those carriers have not taken the measures that Sprint has, to protect their networks," Fleckenstein said.

Sprint expected to have its network hardware updated by Thursday morning.

Other ISPs, including Level 3 and AT&T, did not immediately comment on the issue. However, messages posted on a network administrators' mailing list indicated that those companies were also upgrading their networks.

Bruce Schneier, a noted security expert and chief technology officer for network monitoring service provider Counterpane Internet Security, wasn't ready to ring the alarm bell, however.

"Could it be a problem? Of course, it could be a problem, but so could the other 30 vulnerabilities that have been announced this week," he said.

While it's difficult to gauge how critical the glitch is, he added, any issue with the Internet backbone--the large communications channels that connect different areas of the Net--should be taken seriously.

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Cisco Systems (-0.09%) -0.02 23.36
Level 3 Communications (1.67%) 0.02 1.22
AT&T (-0.78%) -0.21 26.78
Dow Jones Industrials (0.11%) 11.11 10,321.03
S&P 500 (0.11%) 1.24 1,092.73
NASDAQ (-0.19%) -4.07 2,134.37
CNET TECH (-0.12%) -1.87 1,568.46
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET