Denial-of-Service Worries Dominate Cisco Patching -- Redmondmag.com

Denial-of-Service Worries Dominate Cisco Patching

By Joab Jackson
09/25/2009

Abandon all hope, ye who get stung by a denial-of-service attacks.

Well, almost all hope. If the latest semiannual round of security advisories from Cisco are any indication, DoS attacks continue to be a serious -- and largely unsolvable -- problem for networks.

Earlier this week, Cisco issued nine advisories for its Internetwork Operating System (IOS), the operating system software for most of the company's routers and switches. The company also issued two advisories for its Cisco Unified Communications Manager.

The advisories came as part of the company's routine half-year patching cycle. In total, the 11 advisories cover 12 potential vulnerabilities. Of the advisories Cisco issued, eight address vulnerabilities that could have left customers open to DoS attacks.

In a DoS attack, an attacker will flood a server or piece of networking equipment with packets requesting a service of one sort or another. A distributed denial-of-service (DDOS) consists of a flood of phony requests sent from multiple computers, both as a way to avoid detection and to increase the severity of the attack.

According to the advisories, attackers could down a Cisco router or switch via a DoS attack by flooding them with H.323 multimedia protocol-based packets, Network Time Protocol packets, Session Initiation Protocol packets or packets carrying requests in a number of other protocols.

The advisories note that mitigating against such attacks can be done largely by restricting the types of protocol packets that the hardware accepts to only those it requires to carry traffic. Cisco's workaround for the H.323 vulnerability, for instance, is to disable that service if the network is not carrying any traffic that uses that protocol (voice-over-IP, for instance uses H.323, as do many streaming video services). The patches being issued for these vulnerabilities, in effect, disable these protocols. Those who use these services, however, may have to look elsewhere for answers on how to fend off such attacks.

Of the remaining patches, two dealt with faults in authentication controls, and one addressed a crafty attack method of exhausting a device's security keys. For these problems, Cisco has issued patches, as well.

Since March 2008, Cisco has been releasing of non-critical security-related bug patches and advisories for IOS twice a year, in September and March. The company will release the next round of security patches on March 24, 2010.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).

Featured

Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.