IE 11 is not supported. For an optimal experience visit our site on another browser.

Cisco router flaw could snarl Net, officials say

A flaw in Cisco's traffic-routing computers similar could knock Web sites offline and disrupt the  Internet, U.S. cybersecurity officials warned Wednesday.
/ Source: Reuters

A flaw in traffic-routing computers made by Cisco Systems Inc. could knock Web sites offline, snarl e-mail and disrupt other Internet activity, U.S. cybersecurity officials warned on Wednesday.

Computer technicians should update their software to plug a hole that could easily be exploited by hackers to knock networks offline, said officials with the U.S. Computer Emergency Readiness Team, or CERT.

"Someone with a modest amount of skill, by which I mean a freshman programmer, can attack a vulnerability and crash a router," said US-CERT researcher Shawn Hernan.

Cisco described the problem Tuesday night in a technical alert. Cisco customers can download an update for free from a company Web site, a spokeswoman said.

The announcement came hours after officials described a similar flaw in the TCP protocol used by Cisco and other routers to direct traffic across the Internet.

Hernan said technicians should not confuse the two alerts.

The TCP flaw affects every piece of hardware that directs traffic across the sprawling global network, while the Cisco vulnerability only applies to that manufacturer's products, he said.

A hacker could easily direct a Cisco router to shut down and restart, causing a temporary disruption in service. If the command were issued repeatedly, the router could effectively be taken offline, he said.

The flaw could knock specific networks offline but does not pose a threat to the entire Internet, he said.

"The death of the Internet is not imminent," he said.

Though technicians can reconfigure their routers to work around the problem, they are best off going to Cisco for updated software, Hernan said.

The updated software will also fix the TCP flaw, a Cisco spokeswoman said.

Amit Yoran, the top U.S. cybersecurity official, praised Cisco for its efforts to fix the problem.