Hackers Attack Cisco Flaw; No Outages Reported

There were no immediate reports of outages or slowdowns, suggesting that network administrators heeded Cisco's warnings about the flaw and implemented workarounds or installed the free patch.

"Cisco is aware that there have been isolated incidences of attempts to exploit the vulnerability," company spokesman Jim Brady said Friday. "We have no confirmation of any networks being impacted. There are no reports of any successful attacks."

Security researchers, however, warned that the exploit -- a snippet of software code that takes advantage of the flaw -- has been available for a short time and hackers may just be trying it out before attempting major attacks. Cisco first publicly warned of the flaw in its Internetwork Operating System software on Thursday.

"This exploit was created not as a proof of concept -- it was created to exploit the vulnerability and cause damage," said Dan Ingevaldson, engineering manager for ISS' X-Force research development group. "We presume hackers went to work as soon as they heard about it."

Internet security companies boosted their threat assessment levels, and government agencies also repeated warnings.

"It poses a great danger simply because there's such a large number of networks that are running on this hardware," said Oliver Friedrichs, a senior manager at Symantec Security Response.

The FBI was monitoring the situation and promised "a thorough investigation into the exploit that is out there," said spokesman Bill Murray, who works with the FBI's Cybercrimes Division at the agency's Washington headquarters.

According to Cisco's alert, the vulnerability is exploited by sending a "rare sequence" of data packets to a device running IOS, the equivalent of Windows for routers and switches. It causes the device to stop processing traffic once its incoming queue is full.

The attack, which Brady said Cisco discovered through internal testing, does not trigger any alarms and can be repeated until the device is totally inaccessible and must be manually rebooted.

Because the flaw can be exploited just by sending a few packets of data, it is difficult to track. The hacker payload that can cripple routers and switches that run IOS could easily be combined with computer viruses or worms to turn desktop computers into launching pads for widespread attacks.

"It's so little traffic that it's really hard at an aggregate level to pick out where the shots are coming from," said Paul Robertson, director of risk assessment at the security firm TruSecure.

An unusually high number of emergency maintenance outages have been scheduled by Internet carriers and providers since Tuesday, Ingevaldson said.

Large Internet traffic carriers, such as AT&T, MCI and Sprint, have taken measures. Dave Johnson, a spokesman for AT&T, said the company was alerted by Cisco on Tuesday night.

"Cisco gave (the patch) to the big backbone people before they released even the news of the vulnerability to the rest of the world so they could get the major pieces of infrastructure protected," Robertson said.

Copyright © 2002 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.