Information Security News mailing list archives

Group warns of widespread security flaw among Internet network devices


From: InfoSec News <isn () c4i org>
Date: Wed, 13 Feb 2002 04:15:21 -0600 (CST)

http://www.nandotimes.com/technology/story/249685p-2354258c.html

By D. IAN HOPPER, AP Technology Writer 

WASHINGTON (February 12, 2002 2:20 p.m. EST) - From desktop computers
to traffic management systems, many of the Internet's network devices
have a security flaw that could allow hackers to shut them down or
gain control of the devices, a government-funded research group warned
Tuesday.

The problem is most serious for Internet service providers, which use
systems called routers to manage the flow of messages across computer
networks and the Internet, the group said.

"ISPs that don't act will have a reasonable chance of having their
routers go down," said Alan Paller, research director at the SANS
Institute in Maryland.

The CERT Coordination Center, based at Carnegie Mellon University in
Pittsburgh, planned to release an alert Tuesday. Marty Lindner of CERT
said hundreds of vendors use the Internet protocol found to be at
risk. The warning, to be posted on CERT's Web site, lists the steps
businesses and consumers should take to protect themselves.

CERT is funded in part by the Defense Department.

"Some companies actually have all their patches ready to go," Lindner
said. "Some companies have been diligently working on patches, but
they have a lot more work to do."

When update programs aren't available, Lindner said the site will tell
users how to reduce the risk of an attack.

Lindner said the problem was found recently by researchers at the
University of Finland at Oulu, but it has existed for more than 10
years, since the "Simple Network Manager Protocol" was written.

"I don't think anyone looked for it," prior to the Finland
researchers, Lindner said.

SNMP is used to gather information from network systems, or configure
them remotely. Paller said Internet providers could safely disable
SNMP until a patch is available, but may have difficulty billing their
customers.

Depending on the flavor of SNMP, a hacker could shut down a victim's
device or get full access to it.

Microsoft systems, frequently derided for security problems, may have
a leg up on the problem. Microsoft operating systems turn SNMP off by
default, Lindner said. "But that doesn't mean it can't be enabled by
some other product you could install on top of it," he added.

Russ Cooper of security firm TruSecure said his company is testing a
tool that could be used to break into computers running SNMP. He said
the tool is "in the wild," meaning that it could be available to
malicious hackers.

Security experts were sober about the threat, with one joking that if
a hacker took down the Internet, he wouldn't be able to brag to his
friends that he did it.

"I'm worried that it could cause some disruptions," Cooper said. "I'm
not worried about the end of the Internet as we know it."

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

