ISPs rush to fix Cisco flaw
Internet service providers are vulnerable to a flaw in Cisco routers that could cause some Web sites and servers to become inaccessible, according to network administrators.
While details of the flaw are unclear, it is apparently widespread and affects much of the network infrastructure used by the major Internet service providers, CNET News.com learned Wednesday. Cisco is a major provider of network switches and routers used to direct data across the Internet.
Cisco could not immediately comment, but telecommunications provider Sprint confirmed that there is a problem.
"Sprint is aware of the issue regarding Cisco," said spokesman Charles Fleckenstein, reading from a statement. "Modifications are being performed on the Sprint Internet backbone, and customers should have no concerns regarding an interruption of service in regards to Sprint."
The flaw could be used by an attacker to crash a router, clogging the Internet's communications channels, sources said. Due to the vulnerability's nature, the router won't appear to be down, said one network expert familiar with the flaw. The router would have to be restarted or reset to make it operational.
While Fleckenstein couldn't confirm the details of the flaw, he stressed that network outages elsewhere on the Internet could affect its customers' connections and their ability to reach Web sites.
"While the appropriate measures are being taken to protect the Sprint Internet backbone, issues may arise with traffic that is handed off to other carriers, if those carriers have not taken the measures that Sprint has, to protect their networks," Fleckenstein said.
Sprint expected to have its network hardware updated by Thursday morning.
Other ISPs, including Level 3 and AT&T, did not immediately comment on the issue. However, messages posted on a network administrators' mailing list indicated that those companies were also upgrading their networks.
Bruce Schneier, a noted security expert and chief technology officer for network monitoring service provider Counterpane Internet Security, wasn't ready to ring the alarm bell, however.
"Could it be a problem? Of course, it could be a problem, but so could the other 30 vulnerabilities that have been announced this week," he said.
While it's difficult to gauge how critical the glitch is, he added, any issue with the Internet backbone--the large communications channels that connect different areas of the Net--should be taken seriously.