Article

Cisco: Malicious ICMP messages could cause denial of service

Bill Brenner, News Writer

A publicly available document on how to use how the Internet Control Message Protocol (ICMP) to launch denial-of-service attacks has prompted Cisco Systems to issue an advisory outlining a variety of vulnerable products.

    Requires Free Membership to View

"A document that describes how the ICMP could be used to perform a number of denial-of-service attacks against the Transmission Control Protocol [TCP] has been made publicly available," the San Jose, Calif.-based networking giant said in the advisory. "This document has been published through the Internet Engineering Task Force Internet Draft process, and is entitled 'ICMP Attacks Against TCP.'"

Cisco said three types of attacks can occur:

  • Those using ICMP "hard" error messages;
  • Those using ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery [PMTUD] attacks; and
  • Those using ICMP "source quench" messages.

"Successful exploitation of attacks using crafted ICMP 'hard' error messages may

Read more on Cisco

Cisco patches multiple IOS flaws

Cisco makes case for self-defending networks

result in connections being dropped," Cisco said. "Successful exploitation of attacks based on 'fragmentation needed and DF bit set' [or PMTUD attacks] and ICMP 'source quench' error messages may result in connections being throttled to very low throughput."

While throughput is low, Cisco warned that "the output buffer of a sending host could overflow or packets could be dropped or be unnecessarily fragmented, which may affect applications and communication efficiency. Accordingly, crafted ICMP packets could interfere with network protocols, such as the Border Gateway Protocol, Label Distribution Protocol [LDP] and Data-Link Switching [DLSw]."

The company added that a PMTUD attack could push the CPU into overdrive and that extra memory on the receiving host could be eaten up because the CPU "will spend time and memory buffers to reassemble the incoming fragmented packets."

The advisory outlines free software available to fix the vulnerabilities in Cisco's products. It also outlines a list of workarounds for IT shops that can't immediately upgrade their systems.

Vulnerable Cisco products include:

  • Internetwork Operating Software [IOS]
  • IOS XR
  • IP Phones
  • PIX Security Appliance
  • Catalyst 6608 and 6624
  • Cisco 11000 and 11500
  • Cisco GSS
  • MDS 9000
  • VPN 5000 Concentrator
  • Some ONS products

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: