Firms told to patch TCP flaw to protect networks

Firms will need to patch their networks to fix a serious flaw in Transmission Control Protocol that could allow a hacker to crash...

Firms will need to patch their networks to fix a serious flaw in Transmission Control Protocol that could allow a hacker to crash or make parts of the network inaccessible, according to hardware suppliers and consultants. TCP is used on the majority of networks to enable data connections.

The government's National Infrastructure Security Co-ordination Centre highlighted the vulnerability, posting a global alert.

Phil Cracknell, chief technology officer at security consultancy netSurity, said the problem with TCP was a known flaw but had been considered low-risk.

To exploit the vulnerability an attacker would have to guess a sequence of numbers, a scenario that experts deemed highly unlikely. But Cracknell said, "It seems that a researcher has stumbled upon scenarios where any number of values can be used to great effect."

Network hardware supplier Cisco said all its products that use TCP were susceptible to this vulnerability and advised users to update their IOS network operating system software. The vulnerability could cause a TCP connection to break, which, Cisco said, in most cases would cause little harm to the network.

But it warned that router-to-router connections using Border Gateway Protocol (BGP) could be severely affected.

Richard Brain, technical director at security consultancy Procheckup, said, "BGP relies on a permanent TCP connection between two routers. A connection could last for minutes or even hours, so it is more likely to be affected [by the flaw]. If exploited, a hacker could prevent one part of a corporate network from communicating with another part."

Applying patches might not be a straightforward process. Chris Anley, joint founder of security testing company NGS Software, said, "Companies attempting to close the gaps may find they have to prevent some users getting access to their networks while they upgrade the operating software on their routers and switches. This may lead to network outages for some as it is a major task."

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...