Networks endangered by ICMP flaw
Internet service providers as well as various enterprises were advised this week to update
their Internet communications infrastructure. This was advised after the discovery of a
vulnerability affecting a raft of major suppliers including Cisco, Juniper, Microsoft and
IBM. Security researchers have discovered that multiple TCP/IP implementations fail to adequately validate Internet Control Message Protocol (ICMP) error messages. As a result, hackers could reset or slow an established connection using spoofed ICMP error messages.
Applications that depend on long-lived, low latency or high throughput TCP connections would be particularly affected by such an attack. In order to spoof an ICMP message, an attacker would need to know or guess the source and destination TCP port. Security clearing house US CERT warns that Border Gateway Protocol (BGP) transmissions fall into both these categories and are therefore most at risk from attack. Such an attack would have devastating consequences.