Packet Rat: The Net survives a feeble fable
Michael J. Bechetti
Sometimes the story of computer security reads like a Tom Clancy novel. And other times, it reads like a nursery rhyme.
The recent hullabaloo over a TCP vulnerability at the core of the Internet sounded like one part The Hunt for Red October, one part 'Chicken Little' and one part 'The Boy Who Cried Wolf.'
The long-recognized fact that a TCP session could be reset with a single, properly spoofed packet suddenly became a national security issue. Why? A researcher showed that a blind attacker does not have to guess the exact 32-bit sequence number a session is expecting. A reset is honored if its sequence number lands anywhere inside the receiver's window, so an attacker who can forge enough packets to drop one into every possible window has a statistically practical shot rather than an astronomical one.
Everyone had assumed that no TCP session ran long enough, over addresses and ports predictable enough, to be worth such an attack. As it turned out, the place immediately vulnerable to this theoretical exploitation of ordinary TCP behavior was the core of the Internet: the long-lived Border Gateway Protocol sessions between the peered routers that connect one Internet service provider's network to another's.
In other words, the only thing this TCP exploit was really good for was blowing up the entire Internet.
'Panic! Flee!' cried the Rat's computer security chief as he crawled under his desk clutching a U.S. CERT report. 'The Internet is falling!'
Of course, by the time the security wonk had read the report, most Internet providers of any significance had already locked down the traffic between their routers and everyone else's by implementing (ready for this?) the six-year-old recommendation RFC 2385 from the Internet Engineering Task Force, which acknowledged the vulnerability of Border Gateway Protocol traffic between routers. The IETF's answer was the TCP MD5 signature option: each segment carries a Message Digest 5 hash computed over the segment plus a secret shared by the two routers, so a forged reset from anyone who does not know the secret is simply dropped. That is authentication, not encryption; the traffic still travels in the clear, it just can no longer be spoofed.
'See? You could go home all along,' the Rat soothed his security chief. 'All you have to do is tap your heels together and say, "MD5 hash, MD5 hash."'
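For readers who want to see what that six-year-old recommendation actually asks a router to do, here is an added example, not the column's code and not any vendor's implementation, that builds a TCP header carrying the RFC 2385 MD5 signature option and then verifies it on the receiving side. The digest is taken, in the order the RFC specifies, over the IP pseudo-header, the TCP header with its checksum zeroed and options excluded, the payload, and the shared secret. Addresses, ports, the keepalive payload and the secret are all constructed for the example.

```python
"""Added example: the RFC 2385 TCP MD5 Signature Option, signed and verified.
Not the column's or any router vendor's code; every address, port and secret
below is constructed for illustration."""
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
OPT_EOL, OPT_NOP, OPT_MD5, OPT_MD5_LEN = 0, 1, 19, 18
TCP_FLAG_RST, TCP_FLAG_ACK = 0x04, 0x10


def tcp_header(sport, dport, seq, ack, flags, window, offset_words=5):
    """Plain 20-byte TCP header; checksum and urgent pointer left at zero."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (offset_words << 12) | flags, window, 0, 0)


def md5_signature(src_ip, dst_ip, header, payload, key, segment_len):
    """RFC 2385 section 2: MD5 over the pseudo-header, the TCP header with
    options excluded and checksum zeroed, the data, and finally the key."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, TCP_PROTO, segment_len))
    header20 = header[:16] + b"\x00\x00" + header[18:20]
    return hashlib.md5(pseudo + header20 + payload + key).digest()


def sign_segment(src_ip, dst_ip, header, payload, key):
    """Append two NOPs and the 18-byte MD5 option (20 bytes, a 4-byte boundary)
    and bump the data offset to cover the resulting 40-byte header."""
    flags = struct.unpack("!H", header[12:14])[0] & 0x0FFF
    header = header[:12] + struct.pack("!H", (10 << 12) | flags) + header[14:20]
    digest = md5_signature(src_ip, dst_ip, header, payload, key, 40 + len(payload))
    return header + bytes([OPT_NOP, OPT_NOP, OPT_MD5, OPT_MD5_LEN]) + digest


def verify_segment(src_ip, dst_ip, segment, key):
    """Split a received segment at its data offset, pull the MD5 option out of
    the option list, recompute the digest and compare in constant time.
    Returns False when the option is missing, malformed or does not match."""
    if len(segment) < 20:
        return False
    hdr_len = (struct.unpack("!H", segment[12:14])[0] >> 12) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        return False
    header, payload = segment[:hdr_len], segment[hdr_len:]
    options, i, received = header[20:], 0, None
    while i < len(options):
        kind = options[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return False
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False
        if kind == OPT_MD5 and length == OPT_MD5_LEN:
            received = options[i + 2:i + length]
        i += length
    if received is None:
        return False
    expected = md5_signature(src_ip, dst_ip, header, payload, key, len(segment))
    return hmac.compare_digest(received, expected)


def demo():
    """Peer A sends a keyed BGP KEEPALIVE that B accepts; B then rejects a
    blind RST with no option and a segment signed with a guessed secret."""
    src, dst, key = "192.0.2.1", "192.0.2.2", b"constructed-peer-secret"
    keepalive = b"\xff" * 16 + b"\x00\x13\x04"   # BGP marker, length 19, type 4
    hdr = tcp_header(179, 52000, 1000, 2000, TCP_FLAG_ACK, 65535)
    good = sign_segment(src, dst, hdr, keepalive, key) + keepalive
    blind_rst = tcp_header(179, 52000, 1000, 2000, TCP_FLAG_RST, 0)
    guessed = sign_segment(src, dst, hdr, keepalive, b"guess") + keepalive
    return (verify_segment(src, dst, good, key),
            verify_segment(src, dst, blind_rst, key),
            verify_segment(src, dst, guessed, key))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Note what the option does and does not buy you: the receiver drops the forged reset before it ever reaches the window check, but nothing is encrypted, and the secret has to be configured identically on both routers of every peering session, which is exactly why rolling it out took cooperation.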
So, why did it take six years and a Homeland Security Department warning to get ISPs and network managers to apply an already well-known safeguard? Well, to be honest, it was because the MD5 option only works when both ends of a peering session are configured with the same secret, so ISPs and the other major backbone providers for federal agencies would have to cooperate.
And if you've ever been to an ISP conference, you know that getting network engineers to cooperate is like getting them to split a lunch check. Suddenly, they have other things to do, and they stick it all to the poor soul who was sitting way in the back. This is known in the Net biz as first-mover advantage.
So, trust the Rat: The Internet is not going to suddenly collapse at the center because of some information warfare attack that resets all the routers as if they were Microsoft Windows systems on Patch Tuesday.
At least not today.
The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at [email protected].