RealTime IT News

Flaw Puts TCP Data Transfer At Risk

A vulnerability found in Transmission Control Protocol (TCP) could allow an attacker to shut down parts of the Internet, U.S. and U.K. officials said Tuesday in separate alerts.

The U.K. National Infrastructure Security Co-ordination Centre (NISCC) said systems that rely on long-lived TCP connections, such as routers peering over the Border Gateway Protocol (BGP), are most at risk. The impact varies by vendor and application, according to NISCC, but in some deployment scenarios it is rated critical.

TCP is one of the main protocols in TCP/IP networks. Whereas IP only delivers individual packets on a best-effort basis, TCP lets two hosts establish a connection and exchange streams of data, retransmitting lost segments and delivering the data in the same order in which it was sent.

Engineers at Cisco Systems and the NISCC were the first to find the problem, which allows remote attackers to terminate network sessions. A TCP endpoint accepts a segment whose sequence number falls anywhere within its receive window, so an attacker who knows both endpoints' addresses and ports need only guess a sequence number inside that window, not the exact value, to have a spoofed segment accepted. Advisories from NISCC and the CERT Coordination Center note that, depending on how it is used, the attack can cause anything from data corruption or session hijacking to a full denial of service.

"If an attacker were to send a Reset (RST) packet, for example, they could cause the TCP session between two endpoints to terminate without any further communication," the advisory said. "In the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended."

Both advisories suggest checking with vendors for patches. At press time, Cisco and Juniper Networks had issued patches for Cisco IOS and Juniper JunOS respectively.

If a vendor patch is not available, the advisories suggest:

* Implement IP Security (IPsec), which encrypts traffic at the network layer so that the TCP header, including ports and sequence numbers, is not visible to an attacker
* Reduce the TCP window size, which increases the number of guesses an attacker needs (although this could increase traffic loss and subsequent retransmission)
* Do not publish TCP source port information, so that an attacker must also guess the port before any spoofed segment is accepted
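The following Python is an added example, not code from the advisories, Cisco or Juniper. It models the attack described above and the two protocol-level mitigations in the list: a pre-patch stack that accepts any in-window RST, beside the exact-match rule proposed in the IETF draft the article refers to (published in 2010 as RFC 5961, which the article does not name). The session state (the receive window and the next expected sequence number) and the source-port count are constructed values; `blind_rst_attack` simulates an attacker who knows addresses and ports but not the sequence number.

```python
# Added example (not code from the NISCC/CERT advisories or any vendor):
# a model of the blind TCP reset attack and of the mitigations above.
# All session state below is constructed for illustration.
from math import ceil
from typing import Callable, Optional

MOD = 1 << 32          # TCP sequence numbers are 32-bit and wrap around


def seq_in_window(rcv_nxt: int, rcv_wnd: int, seg_seq: int) -> bool:
    """RFC 793 acceptance test for a segment carrying no data:
    is SEG.SEQ within [RCV.NXT, RCV.NXT + RCV.WND), modulo 2**32?"""
    return (seg_seq - rcv_nxt) % MOD < rcv_wnd


def rst_accepted_pre_fix(rcv_nxt: int, rcv_wnd: int, seg_seq: int) -> bool:
    """Pre-patch behaviour: any in-window RST tears the connection down.
    This is the weakness the advisories describe."""
    return seq_in_window(rcv_nxt, rcv_wnd, seg_seq)


def rst_action_hardened(rcv_nxt: int, rcv_wnd: int, seg_seq: int) -> str:
    """Rule from the IETF tcpsecure draft (later RFC 5961): only a RST whose
    sequence number exactly equals RCV.NXT resets the connection; an
    in-window but inexact RST provokes a challenge ACK and the connection
    survives; anything outside the window is silently dropped."""
    if seg_seq == rcv_nxt:
        return "reset"
    if seq_in_window(rcv_nxt, rcv_wnd, seg_seq):
        return "challenge-ack"
    return "drop"


def blind_rst_attack(rcv_nxt: int, rcv_wnd: int,
                     accept: Callable[[int, int, int], bool]) -> Optional[int]:
    """Simulate a blind attacker who knows both addresses and ports but not
    RCV.NXT.  It sweeps the sequence space in window-sized strides (enough to
    land in the window once against a pre-patch stack) and returns how many
    spoofed RSTs were sent before one was accepted, or None if the whole
    sweep failed."""
    sent = 0
    for seg_seq in range(0, MOD, rcv_wnd):
        sent += 1
        if accept(rcv_nxt, rcv_wnd, seg_seq):
            return sent
    return None


def rst_guesses_to_cover_space(rcv_wnd: int, n_source_ports: int = 1) -> int:
    """Worst-case RST count for a full sweep: one per window-sized slice of
    the sequence space, repeated for every candidate source port the
    attacker must also try (why keeping source ports private helps)."""
    return ceil(MOD / rcv_wnd) * n_source_ports


if __name__ == "__main__":
    # Constructed BGP-like session state; the attacker does not know rcv_nxt.
    rcv_nxt, rcv_wnd = 0x9ABCDEF0, 65535
    print("pre-patch stack, 64 KiB window: RST accepted after",
          blind_rst_attack(rcv_nxt, rcv_wnd, rst_accepted_pre_fix), "packets")

    def hardened(n: int, w: int, s: int) -> bool:
        return rst_action_hardened(n, w, s) == "reset"

    print("hardened stack, same sweep:",
          blind_rst_attack(rcv_nxt, rcv_wnd, hardened))
    for wnd in (65535, 16384):
        print(f"window {wnd}: full sweep needs {rst_guesses_to_cover_space(wnd)} RSTs,"
              f" or {rst_guesses_to_cover_space(wnd, 1024)} if 1024 source ports must be tried")
```

Against the pre-patch rule a 64 KiB window means a sweep of at most about 65,000 spoofed packets per port pair, which is why the advisories rate long-lived sessions on well-known ports (BGP on TCP 179) as the worst case. Shrinking the window multiplies that count, hiding the source port multiplies it again, and the exact-match rule removes the window advantage entirely, leaving a full 2^32 search.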

The Internet Engineering Task Force (IETF) has also published an Internet Draft, timed to coincide with the release of the advisory, proposing changes to how TCP validates incoming RST segments.

The advisories and remedies are posted on the NISCC site as well as on the CERT Web site.