Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets with specific protocol fields sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
DHS is working closely with the information technology industry to improve vulnerability awareness and information dissemination. DHS received confirmation that this vulnerability was exploited in a laboratory environment. Industry representatives have also verified that an exploit for this vulnerability exists in the wild. The probability of continued exploitation is high.
...
Because routers and switches are an essential part of all network infrastructures, and because Cisco devices comprise a significant portion of those infrastructures, widespread exploitation of vulnerable Cisco devices could disrupt portions of the Internet.
[W]e used the latest survey of the Internet topology, giving the network at the inter-domain (autonomous system) level. Indeed, we find that the diameter of the Internet is unaffected by the random removal of as high as 2.5% of the nodes (an order of magnitude larger than the failure rate (0.33%) of the Internet routers), whereas if the same percentage of the most connected nodes are eliminated (attack), d more than triples. Similarly, the large connected cluster persists for high rates of random node removal, but if nodes are removed in the attack mode, the size of the fragments that break off increases rapidly
...
[D]espite frequent router problems, we rarely experience global network outages or, despite the temporary unavailability of many web pages, our ability to surf and locate information on the web is unaffected. However, the error tolerance comes at the expense of attack survivability: the diameter of these networks increases rapidly and they break into many isolated fragments when the most connected nodes are targeted.
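The contrast the quoted passages draw between random failure and removal of the most connected nodes can be reproduced on a synthetic graph. This is an added example, not code from this post or from the quoted study. It assumes a preferential-attachment graph as a stand-in for the Internet topology survey, so its numbers will not match the quoted figures, and every function name in it is made up for illustration.

```python
import random
from collections import deque

def ba_graph(n, m, rng):
    """Preferential attachment: each new node links to m existing nodes,
    picked with probability proportional to their current degree."""
    adj = {i: set() for i in range(n)}
    ends = []                       # one entry per edge endpoint (degree-weighted pool)
    for i in range(m + 1):          # seed: small complete graph
        for j in range(i):
            adj[i].add(j); adj[j].add(i); ends += [i, j]
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for t in targets:
            adj[v].add(t); adj[t].add(v); ends += [v, t]
    return adj

def bfs(adj, src, removed):
    """Hop distances from src, ignoring removed nodes."""
    dist, q = {src: 0}, deque([src])
    while q:
        u = q.popleft()
        for w in adj[u]:
            if w not in removed and w not in dist:
                dist[w] = dist[u] + 1
                q.append(w)
    return dist

def measure(adj, removed, rng, samples=40):
    """(largest cluster as a fraction of all nodes, mean path length inside it)."""
    seen, giant = set(), {}
    for v in adj:
        if v not in removed and v not in seen:
            comp = bfs(adj, v, removed)
            seen.update(comp)
            if len(comp) > len(giant):
                giant = comp
    srcs = rng.sample(sorted(giant), min(samples, len(giant)))
    total = sum(sum(bfs(adj, s, removed).values()) for s in srcs)
    return len(giant) / len(adj), total / (len(srcs) * (len(giant) - 1))

def compare(n=2000, m=2, frac=0.025, seed=1):
    rng = random.Random(seed)       # constructed sample graph, fixed seed
    adj = ba_graph(n, m, rng)
    k = int(n * frac)
    failure = set(rng.sample(range(n), k))                                # random outages
    hubs = set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k])  # most connected
    return {name: measure(adj, gone, rng) for name, gone in
            [("intact", set()), ("random failure", failure), ("hub removal", hubs)]}

if __name__ == "__main__":
    for name, (giant, path) in compare().items():
        print(f"{name:15s} largest cluster={giant:.3f} mean path={path:.2f}")
```

Mean path length is estimated from 40 sampled sources, so it is approximate; the largest-cluster fraction is exact for the generated graph.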