Hacking group reveals IP-security glitch

August 13, 1999
Web posted at: 1:50 p.m. EDT (1750 GMT)

by Kathleen Ohlson


(IDG) -- A hacking group says it's discovered a security vulnerability affecting Windows 95, 98 and 2000 as well as the SunOS and Solaris operating systems, allowing unauthorized users to intercept outgoing information.

The problem is related to the ICMP (Internet Control Message Protocol) Router Discovery Protocol (IRDP), which determines the way computers connect to the Internet. The glitch lets an attacker spoof a route, according to an advisory issued Wednesday by hacker-security specialists L0pht Heavy Industries (link below). As a result, attackers can reroute outbound traffic on vulnerable systems, modify traffic, act as "man in the middle," or launch denial of service attacks, L0pht said. All of these attacks, excluding denial of service, require the unauthorized user to be on the same network as the victim, the specialists said.

Man-in-the-middle attacks occur when an attacker acts as "a proxy between the victim and end host," L0pht said. The victims think they are directly connected to the end host, but they are actually connected to the attacker, who is connected to the end host feeding information through. For example, an attacker acting as man in the middle may access all banking information online without the victim knowing, L0pht said.

A denial of service attack occurs when routers and T1 and T3 lines are jammed with data that prevents users from accessing a site.

According to L0pht's Weld Pond, Microsoft Corp. turned IRDP on by default for Windows 95 and 98, and it stays enabled even when a user has configured a system to turn it off. "This means that many people out there are running this vulnerable protocol and they don't know it," Weld said. "This is the crux of the security problem."

However, Microsoft said IRDP is enabled by default in Windows 95 and 98 "because the industry standard requires it." The company said IRDP attacks are due to "weaknesses in the protocol itself and not due to any security vulnerabilities in Microsoft products." Microsoft also said these attacks could happen with other vendors that implemented IRDP.

According to Microsoft, IRDP "assumes a benign environment" and can't check if any participants are deliberately providing false information. Agreeing with L0pht that an authenticated protocol would be more secure, Microsoft said it hopes L0pht plans "to design a more secure version of the protocol" and bring it to the Internet Engineering Task Force.
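Because the protocol carries no authentication, a network monitor can only compare each router advertisement against a list of routers it already trusts. The sketch below is an added example, not code from the article, L0pht's advisory or Microsoft; it parses the ICMP Router Advertisement layout defined in RFC 1256 and flags unexpected senders. The allowlist, the function names and the sample packets (built with documentation-range addresses) are assumptions made for illustration.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9  # ICMP type defined by RFC 1256

def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); returns 0 for a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_router_advertisement(icmp: bytes):
    """Return (lifetime, [(router_ip, preference), ...]) or None if not a valid RA."""
    if len(icmp) < 8 or icmp[0] != ICMP_ROUTER_ADVERTISEMENT or icmp_checksum(icmp) != 0:
        return None
    num_addrs, entry_words, lifetime = struct.unpack("!BBH", icmp[4:8])
    if entry_words < 2 or len(icmp) < 8 + num_addrs * entry_words * 4:
        return None  # truncated or malformed address list
    routers = []
    for i in range(num_addrs):
        off = 8 + i * entry_words * 4
        addr, pref = struct.unpack("!4si", icmp[off:off + 8])  # preference is signed
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    return lifetime, routers

def audit_advertisement(src_ip, icmp, known_routers):
    """List reasons an advertisement is suspicious; empty if expected or not an RA."""
    parsed = parse_router_advertisement(icmp)
    if parsed is None:
        return []
    findings = []
    if src_ip not in known_routers:
        findings.append(f"advertisement sent by unlisted host {src_ip}")
    for router, pref in parsed[1]:
        if router not in known_routers:
            findings.append(f"unlisted default router {router} (preference {pref})")
    return findings

def build_sample(router_ip, preference, lifetime=1800):
    """Constructed sample RA with one router entry, used only to exercise the parser."""
    addr = ipaddress.IPv4Address(router_ip).packed
    body = struct.pack("!BBH4si", 1, 2, lifetime, addr, preference)
    csum = icmp_checksum(bytes([ICMP_ROUTER_ADVERTISEMENT, 0, 0, 0]) + body)
    return struct.pack("!BBH", ICMP_ROUTER_ADVERTISEMENT, 0, csum) + body

KNOWN_ROUTERS = {"192.0.2.1"}  # assumed allowlist of legitimate routers
if __name__ == "__main__":
    print(audit_advertisement("192.0.2.66", build_sample("192.0.2.66", 1000), KNOWN_ROUTERS))
```
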

L0pht Heavy Industries advisory
Microsoft Corp.
Sun Microsystems, Inc.
© 2001 Cable News Network. All Rights Reserved.