Researchers reveal gaping IP flaw

Thumbnail: 

Researchers at Finnish security firm Outpost 24 have revealed a flaw in the Internet Protocol (IP) that can disrupt any computer or server, according to a report by Webwereld Netherlands.

Apparently the flaw has been known to some for years. Now the researchers hope that an open admission will help them find a solution more quickly.

The flaw allows attackers to cripple computers and servers by sending a few specially formed TCP/IP packets. The result can be compared to a denial of service attack, in which networks are flooded with traffic, but in this case, as few as ten packets per second are needed to bring down a service it seems.

This latest revelation comes hard on the heels of the Domain Name Server (DNS) security flaw being made public earlier this year, which is still a cause for concern. The DNS problem means that users can redirected to copycat sites of the ones they actually want. Once they enter passwords and other information, phishers can access their actual bank and other accounts.

A number of products have hit the market in an attempt to address the DNS problem, such as the DNS Firewall introduced by Infoblox on Tuesday. This is an addition to its line of core network services appliances designed to prevent so-called cache poisoning - the interception of requests for information and redirecting of traffic.

Infoblox is working with Dan Kaminsky, who is credited with identifying the DNS problem, to establish how many vulnerable systems have been patched so far. Anecdotal evidence suggests the number is as low as 30%.

Infoblox and Kaminsky are to publish the results of a formal, global survey in November.

The really bad news though is that firewalls and other intrusion prevention mechanism don't help with the IP flaw because, by definition, they support TCP/IP and are therefore vulnerable.
 
See here for the full story.