  TrainBuff The New Haven Railroad Premium join:2003-05-01 Buffalo, NY clubs:  | Internet Shutdown A hacker who found the flaw could effectively shut down or cause severe interruptions to the Internet. Scary! | |
|
 |  B777300
join:2002-01-02 | Re: Internet Shutdown Indeed...  | |
|
 |  |  laz45
join:2002-08-01 Orlando, FL clubs: | Re: Internet Shutdown How can this be done, i wanna do it | |
|
 |  |  |   lua6 Premium join:2002-08-15 New York, NY | Re: Internet Shutdown You download Hacker.exe and you're on your merry way... Spare me please | |
|
 |  |  |  |   ThunderCorp
join:2002-03-11 Chula Vista, CA | Re: Internet Shutdown So the obvious question is,
What is affected? Routers only? MS Windows? UNIX variants? Everything except Macs? | |
|
 |  |  |  |  |   tiger72 SexaT duorP Premium join:2001-03-28 Saint Louis, MO clubs: | Re: Internet Shutdown let's read this one more time:
"Late last year, a man in Milwaukee discovered a flaw in the TCP/IP protocol"
this is not OS specific. -- low cost public gameservers www.clanpubs.net | |
|
 |  |  |  |  |   chickatwork
@alaska.edu | EVERYTHING USES TCP/IP if you're on the NET. Small LANs may not, may use appletalk or netbeui..anything longdist would be TCP/IP | |
|
 |  |  |  |  |   PunkGod
join:2003-02-02 | LMFAO!!!
I'm in a chat room right now that this forum I get on uses and they haven't heard of this problem till I told them about it and they don't believe it's a problem at all lol. | |
|
 |  |  |  |  |   dddane
join:2002-01-10 Chicago, IL | everything except macs. l o l... that's a nice fantasy for apple | |
|
 |  |  |  Daemon Premium join:2003-06-29 San Francisco, CA | while i'm sure you're kidding, if you have to ask, you aren't talented enough to do it.  -- -Ryan Find me in the networking and Microsoft help forums | |
|
 |  |  |   MightWolf
join:2002-06-17 Windsor, ON | Actually, reading the details, it will be practically impossible to "shutdown the internet" - the attacker would need to know both end-points of all TCP connections..... | |
|
 |  |  |  |  LoungeLizard2
join:2003-11-21 Vallejo, CA | Re: Internet Shutdown Wouldn't they only need to shut down the few main DNS servers of the internet. Unless you know the actual IP address of all the web pages you visit, you would be out of luck. | |
|
 |  |  |  |   SpitefulCrow Insert Witty Tag Here Premium join:2003-06-04 Berkeley, CA | Eh, not really, just enough to reset the long-running BGP sessions on most of the major backbones. | |
|
 |  |  |  |  |  LoungeLizard2
join:2003-11-21 Vallejo, CA | Re: Internet Shutdown Thanks  | |
|
 |  |  |  |   purplejello
join:2001-08-23 Reno, NV clubs: | Well, they'd know one end (their own), and they'd know the other end (the major DNS servers). | |
|
 |  |  |   PloKoon Bumper Sticker Doctrine
join:2002-01-06 Cherry Hill, NJ
| said by laz45 : How can this be done, i wanna do it
Pssst... go here: »www.turnofftheinternet.com/. Don't tell anyone!! -- Real change happens when the pain of staying the same becomes greater than the pain of changing. | |
|
 |  tdkyo
join:2002-12-07 Rochester, NY | Let's see if your router manufacturers can come up with a patch soon.... | |
|
 |  |   bky moof moof Premium join:2002-07-05 Austin, TX | Re: Internet Shutdown I think the article is referring to bigger routers like cisco | |
|
 |  |  |   MightWolf
join:2002-06-17 Windsor, ON | Re: Internet Shutdown Well it's not like a hacker will spend hours tracking a home user's TCP inbound and outbound connections just so he can shut them down. | |
|
 |   garagerock Premium join:2002-06-14 Louisville, KY
| Come on.
Unless parties out there are privy to the locations of all of the root servers, I don't see this as a reality.
Is it scary that someone found a way to exploit TCP? Of course it is. But it looks like the gov't geeks are working on it...LOL, we should have a fix for it in about 5 years  | |
|
 |   dpocoroba Premium join:2000-11-14 224.0.0.5
| Crazy news indeed. BGP resets are far from fast... it takes a few mins or so for less than 100 or so routes. Not to mention core backbone routers hold some 150,000 + internet routes. Major re-convergence time if that was to start happening. Another good reason to use MD5 on all protocols that support it. -- "Knowledge is contagious, infect" | |
|
 |  |  clarkism
join:2002-01-27 San Francisco, CA | Re: Internet Shutdown That would have to be a highly coordinated attack to reset several bgp sessions.
Is MD5 in clear text? | |
|
 |  |  |   pcscdma Chocobo Chocobo Random Battle Premium join:2004-01-14 Winterset, IA clubs:
| Re: Internet Shutdown said by clarkism : Is MD5 in clear text?
I sure hope not! -- The smarter computers get, the more faith I put into Newton's 3rd law. | |
|
 |  |  |  |   dpocoroba Premium join:2000-11-14 224.0.0.5
| Re: Internet Shutdown said by pcscdma : said by clarkism : Is MD5 in clear text?
I sure hope not!
No, MD5 isn't anything like PAP; it uses hashes. When you configure it on the Cisco router " nei x.x.x. pass zzzz"
It will show up as encrypted in a "sh run". As someone posted earlier " nei x.x.x.x pass 0 zzzz " if you were to "sh run" with that command it will show the key in clear text since that command says not to encrypt the key. -- "Knowledge is contagious, infect" | |
|
 |   koitsu Premium join:2002-07-16 Mountain View, CA | Shutting down the Internet would quite possibly be one of the most positive things ever to happen.
Good thing dreams are free, eh? -- Making life hard for others since 1977. | |
|
  hack3d
@cox.net | the mother of all exploits the title says it all. it doesn't look like a simple ms patch can fix this  | |
|
  gruggni Oxygen Gets You High
join:2003-07-28 Corpus Christi, TX 1 edit | Take down the internet I'm tired of spam and viruses, just kill it already.
Stop those bastards from making money. People will have to go outside or watch tv.
Use the phone, HAHA voip, suckers.
How much do you depend on tcp/ip? | |
|
  fatmanskinny Premium join:2004-01-04 Wandering | Ouch! Maybe I will get some work out of this. Last time, I got a 2 month computer support contract because of SoBig. No telling how long my contract will be if the WHOLE INTERNET can be shut down and needs patching. | |
|
 |   insomniac Oh Yeah Premium join:2002-09-22 Naperville, IL clubs: | Re: Ouch! Good point. I have a part-time job because of Klez. | |
|
  brandon Some truth included in this post. Premium join:2003-03-31 Hurley, MS | Dang. The internet's broken. | |
|
  Anon-E-Mus
@rockwellautomation.c
| Way to go, Tony!!!
Tony had discovered this vulnerability about a year ago. Luckily it was first discovered by an intelligent and ethical IT security guy and not some unscrupulous hacker. He has quietly worked with vendors during that time helping them come up with a solution. | |
|
 |   jap Premium join:2003-08-10 038xx | Re: Way to go, Tony!!! Agreed. | |
|
 |  |   technick Premium join:2000-12-16 Loganville, GA | Re: Way to go, Tony!!! I hope Tony makes a lot of money off of this. That would be the only way I would be this ethical in a world full of capitalism. Give me money and I won't make your life a living hell. | |
|
 |  |  |   jap Premium join:2003-08-10 038xx | Re: Way to go, Tony!!! WHOA .... technick, you be more jaded & cynical than I. You people who are more like me than I am scare the livin' daylights oughta me. | |
|
 |  |  |  |   technick Premium join:2000-12-16 Loganville, GA
| Re: Way to go, Tony!!! Well think about it, we live in a very capitalistic society, and if you save governments, and private industry millions & millions of dollars, should you get a little kick back as well? It makes perfect sense. Nothing in the world is free like it should be. If you can't change the game, beat them at their own game. -- "Our greatest glory consists not in never falling, but in rising everytime we fall." - Confucius - - - - - - - - - - - Streamfire.net- - AIM - CoNFuCiUsNiCk | |
|
  AthlGrond Premium,MVM join:2002-04-25 Aurora, CO | Well There Goes Comcast The center "encourages all BGP enabled Juniper or Cisco router administrators to turn on MD5 checksums as soon as possible while testing the patch supplied by router vendors."
How fast do you think Comcast will do this? | |
|
 |  BosstonesOwn
join:2002-12-15 Everett, MA clubs: | Re: Well There Goes Comcast you want a time table with or without a rate hike ? -- This package does not contain a winner... | |
|
 |  onionsoup
join:2003-02-21 Salem, CT
| Not until it shuts down their entire system and customers begin to complain. Then maybe just maybe they will begin to do something about it, but even then they will give their employees equipment they have not been trained on, and only do a General Custard patch job.
No love here for them sorry. | |
|
  Yoda2009
join:2003-10-07 Toronto, ON | No threat? Something tells me hackers wouldn't want to take down the internet, as that's what they use. Then again if they're stupid enough... | |
|
 |   hack3d
@cox.net | Re: No threat? and by the sounds of it, it only takes one stupid hacker  | |
|
 |  clarkism
join:2002-01-27 San Francisco, CA | It's not like one can take down the internet. If someone were to take down an interface or a particular BGP session, BGP would reroute that traffic. | |
|
 |  tonekilla Pipe Dreams Premium join:2003-07-26 Gunnison, MS clubs: | trust me. they would revel in taking down the whole internet. | |
|
 |   footballdude Premium join:2002-08-13 Imperial, MO
| said by Yoda2009 : Something tells me hackers wouldn't want to take down the internet, as that's what they use.
What about terrorists? Their goal is to cause trouble. How much of the upcoming Presidential election will be conducted online? | |
|
  sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ
·Optimum Online
| Router people, how to fix Just got off the phone with one of our upstreams, and it was quite easy to setup. In your bgp config:
neighbor x.x.x.x password 0 somethingsecret
On hitting enter, the bgp session will reset and your router is safe from the attack.
This site has some good general suggestions for using bgp securely:
»www.cymru.com/Documents/secure-b···ate.html
FWIW, the guy I spoke with who was setting up the other end said that this is all they've been doing for the past few days. -- Thanks for the memories | |
|
 |   TivoNut Premium join:2002-04-18 Yorba Linda, CA
| Re: Router people, how to fix said by sporkme : Just got off the phone with one of our upstreams, and it was quite easy to setup.
Yes, but how long did it take to get to the right guy? | |
|
  teflon77
@comcast.net
from: pcscdma 
| new protocols now can you guys see its a conspiracy.... all so we can have a mass exodus to BIC-TCP when the time is right. think about it... | |
|
  kba4
join:2001-10-23 Canton, OH | anyone else see a possible flip side doesn't the US 'department of homeland security' want to 'rewire' the net? wouldn't this be the perfect cover to now make this necessary? -- BREAKING NEWS: US MISTAKENLY KILLS SELF IN WAR ON TERROR! | |
|
 sunpost
join:2003-11-23 Allentown, PA clubs: | My theory... Al Gore put this back door in his internet to sabotage the Republicans :P~~~ | |
|
 |   raw War Eagle Premium join:2001-01-17 Madison, AL clubs: | Re: My theory... For that to have happened, Al Gore would have first had to have invented the Internet.
Wait...
 | |
|
 |   pcscdma Chocobo Chocobo Random Battle Premium join:2004-01-14 Winterset, IA clubs: | Al Gore didn't invent TCP/IP | |
|
 |  |  BosstonesOwn
join:2002-12-15 Everett, MA clubs:
·Comcast
| Look it up on Al Gore's internet. He indeed did create tcp/ip and udp; I hear rumours of his hand in bic/tcp also.
What a genius he is. i wish i had invented this internet thingy. -- This package does not contain a winner... | |
|
  wolfox Gentle Wolfox
join:2002-11-27 Dunnellon, FL
| Internet was not made... [insightful]... to be proof against unscrupulous individuals. It was founded in the spirit of communication, interoperability of all types of computer systems. In effect, an electronic, ethereal utopia. TCP/IP and its various other protocols that use it as a transport were not meant to be "hardened" or secured.
But it is human nature to poke, prod, exploit and conquer everything in its path. Greed, superiority, a rotten sex life - all good motivators to push the Internet and TCP/IP to the brink of extinction.
The protocol is not what's flawed here. People are. [/insightful] -- Nothwest Arkansas' ONLY all Techno Radio Webcast, powered by SBC DSL! | |
|
 |   TheGiant Next Year Is Here.
join:2001-03-28 Augusta, GA
| Re: Internet was not made... How long has the internet as we know it been around 10 years, 15, 20? IPv4 is all we are up to even AOL is up to ver 9.x Time to upgrade. Didn't I see a news article on something a zillion times faster last week let's go with that.
Everything man makes is flawed. -- Keep America safe BUSH 2004 | |
|
  Morac
join:2001-08-30 Riverside, NJ
·Comcast
| Not that big a deal According to this description it looks very simple to do, but I doubt the home user has much to worry about since all it does is reset the connection. Most TCP connections don't last that long and since it requires knowing the sequence number and receive window size ahead of time it doesn't seem like something a script kiddie could take advantage of. Since it requires a "hands on" touch I doubt anyone will waste their time going after specific home users.
This will mainly affect machines/routers that constantly keep open a large number of TCP connections like those that use BGP. Implementing the ACK number checks and MD5 encryption will make this a lot harder to exploit, which I'm sure is what the higher risk targets have been doing.
In fact according to this guy over on Slashdot that's what they have been doing. This guy also has some interesting insight into the problem.
A simple work-around to lower your chance of getting hit by this is to change your receive window size, which I'm sure everyone here has already done. -- "snmp: the standard e-mail protocol on the Internet" - LinkSys user manual (page 17) | |
|
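The sequence-number and receive-window reasoning in the post above, as an added example that is not part of the thread: a model of how a receiver classifies an incoming RST under the original in-window rule and under the tighter exact-match check later standardized in RFC 5961, which goes beyond what the post describes. The sequence number and window sizes used with it are constructed sample values.

```python
MOD = 2 ** 32   # TCP sequence numbers wrap at 32 bits

def in_window(seq, rcv_nxt, rcv_wnd):
    """Original rule: RCV.NXT <= seq < RCV.NXT + RCV.WND, computed mod 2^32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def classify_rst(seq, rcv_nxt, rcv_wnd, strict):
    """Return 'reset', 'challenge-ack' or 'drop' for an incoming RST.

    strict=False: any in-window sequence number tears the connection down.
    strict=True:  only an exact match resets; other in-window values just
                  make the receiver send an ACK to the real peer.
    """
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if not strict or seq == rcv_nxt:
        return "reset"
    return "challenge-ack"

def receiver_outcomes(rcv_nxt, rcv_wnd, strict):
    """Classify one RST per window-sized stride across the whole sequence space."""
    outcomes = {"reset": 0, "challenge-ack": 0, "drop": 0}
    for seq in range(0, MOD, rcv_wnd):
        outcomes[classify_rst(seq, rcv_nxt, rcv_wnd, strict)] += 1
    return outcomes

def rsts_needed(rcv_wnd, strict, unknown_ports=1):
    """Worst-case count of spoofed RSTs before one is accepted by the receiver."""
    per_port = MOD if strict else -(-MOD // rcv_wnd)   # ceiling division
    return per_port * unknown_ports
```

With a 16384-byte window the in-window rule leaves 262,144 candidate values per port pair, which is why long-lived sessions with large windows were the concern; the exact-match rule restores the full 2^32 space regardless of window size.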
 |  systems2000 What? You Say It's Fixed. Hah
join:2001-11-29 Cyberspace
| Re: Not that big a deal said by Morac : ...and since it requires knowing the ... receive window size ... it doesn't seem like something a script kiddie could take advantage of.
I think you could find that information by going here »www.web100.org
said by Morac : A simple work-around to lower your chance of getting hit by this is to change your receive window size, which I'm sure everyone here has already done.
If everyone uses different RWIN's throughout the Internet, I would think that would defeat the ability to tune transfer rates for performance.
said by Morac : "snmp: the standard e-mail protocol on the Internet" - LinkSys user manual (page 17)
FUNNY!! Another reason why I don't use or recommend Linksys products. -- Personal Theme Song:RUSH - Mystic Rythms from Power Windows. | |
|
 jesseeu
join:2003-07-09 Key West, FL | Great... I just get my 3mbps upgrade and now they decide to take down the internet. | |
|
 |  bv21
join:2001-02-08 Key West, FL | Re: Great... Where are you located in Key West? | |
|
 |  |  jesseeu
join:2003-07-09 Key West, FL | Re: Great... New Town | |
|
  skoivisto Premium join:2003-01-06 Mchenry, IL | Whoa
That could be pretty scary in the event that someone gets a hold of that flaw. | |
|
  Monster Rain Premium join:2002-08-03 USA | Turn on MD5 That's the fix | |
|
 xrobertcmx Premium join:2001-06-18 Sterling, VA clubs:  | Does anyone know the jump off Point for all the VOIP connections to Indian Tech/Customer Support? I would like it to go away. | |
|
 Formeister
join:2000-10-28 Somers, CT clubs: | What if..??? Since none of my computers are bound to the tcp/ip protocol, does this mean I could take over the Internet when the shi*t hits the fan? Newbies want to know.... | |
|