Networks Under Attack Following Cisco Router Flaw

A software flaw in routers discovered by networking giant Cisco (Nasdaq: CSCO) has forced Internet carriers and others to apply fixes quickly before attackers cause network outages by exploiting the vulnerability.

Exploit code that takes advantage of the flaw was released early Friday morning, and networks using the Cisco routers and switches were being attacked once or twice per minute, ISS X-Force vice president Chris Rouland told TechNewsWorld.

Rouland, whose company's AlertCon warning meter was raised to level three –- the second highest alert level and a rare event for the company -- said corporate networks and countries that are known for slow security response, such as Korea, are most likely to experience network outages.

"This severity of flaw in this widespread a device is fairly rare," Rouland said. "We had one last year and one this year."

Weekend Slowdown

Aberdeen Group vice president of security and privacy Jim Hurley told TechNewsWorld that consumers might experience Internet slowdowns because of the large number of emergency maintenance outages occurring as Internet service providers and carriers patch the Cisco networking software.

"This is an emergency situation," Hurley said. "The folks that got a hold of the problem yesterday are probably applying patches today, or they were last night. You're likely to see a lot of IT folks working over the weekend and a lot of networks down."

All Routers at Risk

Cisco reported in an advisory on the problem that routers and switches running Cisco Internetworking Operating System (IOS) software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a denial-of-service (DoS) attack.

"My guess is that's 96 to 97 percent of the routers out there in the universe," Hurley said. "For all practical purposes, almost every single one of them [is affected]."

In its security advisory, Cisco reported that a rare sequence of crafted IPv4 packets with specific protocol fields sent directly to affected routers might cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet, the company said.

No Alarms

Cisco also reported that no alarms will be triggered, nor will affected routers reload to correct themselves. The company said the vulnerability, which can affect all Cisco devices running IOS software, may be exercised repeatedly, resulting in loss of availability until a workaround has been applied or a software patch is installed.

Cisco warned that, while applying the software fix it has made available, customers should be certain the devices to be upgraded contain sufficient memory.

Rouland said that, despite the availability of the software fix, financial institutions and people using voice over IP (VoIP) are likely to experience network slowdowns or outages.

Hurley said Internet infrastructure will be generally affected by the flaw -- regardless of whether a particular router is targeted -- because of the broad distribution of affected Cisco routers.

"There's really no choice but to take the network down," Hurley said. "I suspect most everybody will be on it real quickly."