Cisco warns of serious software flaw; no outages reported but hacker attacks feared

<br>SAN JOSE, Calif. (AP) _ A day after Cisco Systems Inc. warned of a serious software flaw in networking gear that routes Internet traffic, researchers said hackers had figured how to cripple the equipment.

Friday, July 18th 2003, 12:00 am

By: News On 6

SAN JOSE, Calif. (AP) _ A day after Cisco Systems Inc. warned of a serious software flaw in networking gear that routes Internet traffic, researchers said hackers had figured how to cripple the equipment.

There were no immediate reports of outages, but that was expected to change, the Computer Emergency Response Team, a taxpayer-funded group at Carnegie Mellon University, said Friday in an advisory.

Internet security companies boosted their threat assessment levels.

``This exploit allows an attacker to interrupt the normal operation of a vulnerable device,'' said an advisory from the group. ``We believe it is likely that intruders will begin using this or other exploits to cause service outages.'' ``Exploit'' is a term for a computer program that allows someone to take advantage of a flaw in a device.

``We presume hackers went to work as soon as they heard about (the flaw),'' Dan Ingevaldson, an engineering manager for Internet Security Systems.

The FBI was monitoring the situation and promised a thorough investigation, spokesman Bill Murray said. Murray works with the FBI's Cybercrimes Division at the agency's Washington headquarters.

The San Jose-based Cisco released a free patch to fix the flaw in its widely used Internetworking Operating System.

Operators of Internet companies scrambled Thursday to patch the flaw, which could cause widespread outages because Cisco routers and switches are so prevalent on the Internet.

According to Cisco's alert, the vulnerability is exploited by sending a ``rare sequence'' of data packets to a device running Internetworking Operating System. It causes the device to stop processing traffic once its incoming queue is full.

The attack, which spokesman Jim Brady said Cisco discovered through internal testing, does not trigger any alarms and can be repeated until the device is inaccessible.

``This type of attack can be launched at a specific target, or launched indiscriminately to cause widespread outages,'' according to an alert issued by Internet Security Systems.

Large Internet traffic carriers, such as AT&T, MCI and Sprint, have taken measures. Dave Johnson, a spokesman for AT&T, said the company was alerted by Cisco on Tuesday night.