Security newsgroups are abuzz with news of a serious TCP vulnerability that could allow an attacker to 'create a Denial of Service condition against existing TCP connections, resulting in premature session termination'. BGP is said to be the most vulnerable to an attack.
BGP relies on a persistent TCP session between BGP peers. Resetting the connection can result in medium term unavailability due to the need to rebuild routing tables and route flapping. Route flapping may result in route dampening (suppression) if the route flaps occur frequently within a short time interval. The overall impact on BGP is likely to be moderate based on the likelihood of successful attack. If the TCP MD5 Signature Option and anti-spoofing measures are used then the impact will be low as these measures will successfully mitigate the vulnerability.
The flaw was identified by the American Department of Homeland Security's National Cybersecurity Division and the U.K.-based National Infrastructure Security Coordination Centre. Information Week is carrying a typical report, while eWeek is carrying a more level-headed story.
- Log in to post comments