Allied Telesyn Inc. Advising Customers of Vulnerability of Routers With Border Gate Protocol; Adding Protocol to Protect Networks.Business Editors/High-Tech Writers BOTHELL, Wash.--(BUSINESS WIRE)--April 29, 2004 Allied Telesyn, Inc, a global leader in IP-based networking solutions for the access edge today alerted customers using its Layer 3 routers of a recently discovered vulnerability to spoofed packets, which could result in terminated connections. The company said it is adding MD5 to BGP (Border Gateway Protocol) The routing protocol that is used to span autonomous systems on the Internet. It is a robust, sophisticated and scalable protocol that was developed by the Internet Engineering Task Force (IETF). routers to remedy the problem. MD5 is a cryptographical process for checking packet authenticity The correct attribution of origin such as the authorship of an e-mail message or the correct description of information such as a data field that is properly named. Authenticity is one of the six fundamental components of information security (see Parkerian Hexad). from the sender to the receiver. "We've known for some time that Border Gateway Protocol Border Gateway Protocol - (BGP) An Exterior Gateway Protocol defined in RFC 1267 and RFC 1268. Its design is based on experience gained with Exterior Gateway Protocol (EGP), as defined in STD 18, RFC 904 and EGP usage in the NSFNet backbone, as described in RFCs 1092 and 1093. (BGP) products have the greatest potential for impact to this issue, so that's why we're adding MD5," said Phil Jopa, chief technology officer for Allied Telesyn. "Because Transmission Control Protocol sessions used by BGP routers can remain connected for weeks or months, the vulnerability could cause significant portions of the Internet to be isolated. This is just one example of how we're anticipating technological issues and handling them in real time." Jopa said the vulnerability affects both Transmission Control Protocol (TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. ) and Border Gateway Protocol (BGP) products. However, because TCP sessions are typically shorter, they are less vulnerable than BGP products. Jopa also said network operators cannot completely defend against this vulnerability, and that the only way to defend against it is to force the attacker to increase the amount of data they must guess to disrupt the network. Both external and internal BGP sessions are vulnerable to attackers. If a session between two routers is disrupted dis·rupt tr.v. dis·rupt·ed, dis·rupt·ing, dis·rupts 1. To throw into confusion or disorder: Protesters disrupted the candidate's speech. 2. , all routes advertised between the two peers will be withdrawn. Depending on the routing configuration, there may be no adverse effects. If an appropriate static route has been defined on both sides of the affected session, traffic will be rerouted along other paths (which could cause some congestion The condition of a network when there is not enough bandwidth to support the current traffic load. congestion - When the offered load of a data communication path exceeds the capacity. on those alternate paths) or in the worse case, a portion of the network could be isolated and unreachable. About Allied Telesyn, Inc. Founded in 1987, Allied Telesyn, Inc. is a worldwide leader in IP-based networking products for carriers, service providers, enterprises, and educational institutions. With wholly-owned manufacturing facilities that deliver superior quality, Allied Telesyn delivers more than 1200 products to more than 50,000 customers worldwide. The company has comprehensive lines of high-quality access, aggregation, and core transport products for fiber and copper networks. In addition, ATI (ATI Technologies Inc., Markham Ontario, http://ati.amd.com) A leading manufacturer of graphics chips and display adapters. Founded in 1985 by K. Y. Ho, Benny Lau and Lee Lau, ATI chips and boards are widely used by OEMs. has extensive global professional services (job) professional services - A department of a supplier providing consultancy and programming manpower for the supplier's products. and support organizations to back them up. With approximately $500 million in annual revenue, Allied Telesyn operates in more than 30 countries on five continents. For more information, please see www.alliedtelesyn.com. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion