MAIN PAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW

SCI-TECH

SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
CAREER
IN-DEPTH

QUICK NEWS
LOCAL
COMMUNITY
MULTIMEDIA
E-MAIL SERVICES
CNNtoGO
ABOUT US

CNN TV

what's on
show transcripts
CNN Headline News
CNN International
askCNN

EDITIONS

CNN.com Asia
CNN.com Europe
set your edition

Another flaw exposed in TCP

From...

By James Evans

(IDG) -- Another security flaw has emerged with communications based on Transmission Control Protocol (TCP) that could be used to "hijack" a user's session on the Internet or a corporate network, a computer security services company announced Monday.

Tim Newsham, a senior research scientist with Waltham, Massachusetts-based Guardent, discovered the TCP vulnerability, the company said. Newsham's research exposes a weakness in the generation of TCP's Initial Sequence Numbers (ISN), which are used to maintain session information between network devices. ISNs are used as a handshake between two machines, identifying legitimate packet traffic.

MESSAGE BOARD

Security on the Net

IDG.net INFOCENTER

Visit an IDG site

IDG.net search

The numbers are randomly generated, but they can be guessed with a high rate of accuracy, the company said. Sequence numbers coupled with session information could provide network access and then offer a launch pad to conduct sophisticated network attacks. A hacker could launch denial-of-service attacks to cut off individual Web server connections, commence an information poisoning attack to taint legitimate data and hijack a user's session on a computer system.

Guardent has no hard evidence the vulnerability has been used by hackers, said Jerry Brady, Guardent's vice president of research and development. This is not the first time that ISN weaknesses have been discovered, he said. Improvements to TCP were made in 1989 and again in 1995 to ensure more secure TCP sessions, Brady said.

Cisco on March 1 announced a similar flaw in its Internetwork Operating System software that could compromise traffic sent to and from its routers and switches. Cisco had no evidence that the vulnerability had been exploited.

Guardent has shared its information on the vulnerability with the Computer Emergency Response Team Coordination Center at Carnegie Mellon University in Pittsburgh, network equipment vendors, operating system vendors and government agencies, the company said.

RELATED STORIES:

Flaw revealed in some Cisco software
March 5, 2001
One year after DoS attacks, vulnerabilities remain
February 8, 2001
Microsoft Web sites suffer large scale blackout
January 24, 2001
Feds warn about rise in attacks against e-commerce sites
December 7, 2000
Exchange bug could be exploited for denial-of-service attacks
November 6, 2000
Web sites unite to fight denial-of-service war
September 27, 2000

RELATED IDG.net STORIES:

TCP hole may be more dangerous than first thought
(Computerworld)
Another flaw exposed in TCP
(InfoWorld.com)
Flaw revealed in Cisco IOS software
(IDG.net)
IBM bets on new storage technology in low-end disk arrays
(Computerworld)
FBI warns of digital-crime wave from Eastern Europe
(The Industry Standard)
Military satellite software stolen
(Network World Fusion)
Amazon unit loses credit card data to hackers
(IDG.net)
Experts debate U.S. power grid's vulnerabilities to hackers
(Computerworld)