IT experts scramble to fix Cisco flaw

Cisco announced the flaw with the devices, known as routers on Thursday – resulting in a race between security experts to install a patch, and hackers trying to exploit the error.

So far though, there have not been any reports of problems.

Analysts said that due to Cisco’s large market share with routers, coordinated attacks could have left a devastating impact on the internet.

By sending a special sequence of data, a malicious hacker could trick a Cisco router into believing it was full, causing it to crash.

But Shawn Hernan, a security specialist in the government-funded CERT Coordination Centre at Carnegie-Mellon University, said most major Internet operators were upgrading.

As of Friday, the flaw had not led to any service shutdown, he said.

“We have seen evidence of attempts (to shut down routers) but no evidence of a successful attack,” Hernan said.

“But I will say that the death of the Internet is not imminent. The good news is that most if not all the service providers have been upgrading.”

Hernan said that the Cisco routers, which are essentially computers that direct traffic, could be shut down if an attacker knew about the vulnerability.

Within a day of the advisories issued by Cisco and CERT, experts found “malicious code” circulating on the Internet that could be used by hackers to exploit the flaw.

“This exploit allows an attacker to interrupt the normal operation of a vulnerable device,” according to a CERT advisory. “We believe it is likely that intruders will begin using this or other exploits to cause service outages,” Hernan added.

Although the announcement provided information to hackers, Cisco and CERT were left with little options in order to get information out to the millions of website operators.

Private security experts were concerned as well.

Security firm TruSecure issued an advisory calling the problem “red hot.”

“The TruSecure research team has determined that this vulnerability presents a serious threat to its clients,” TruSecure said.