Excite@Home IP flaw exposed

David Hellaby, ZDNet Australia ZDNet.co.uk

Published: 04 Aug 2000 09:50 BST

Excite@Home -- an Internet service run in Australia by Cable & Wireless Optus -- has warned it will take action against anybody who attempts to utilise an IP vulnerability that allows a single user to block up to 127 IP addresses, effectively shutting people out of the service.

The company has admitted the problem but denies that there is any security risk to subscribers' computer systems.

The fault came to light Thursday when Excite subscriber Ian Millsom made the vulnerability public after he claimed the ISP had ignored the information he had provided them.

Millsom provided details of how to route 127 IPs through a single IP address.

"When you traceroute from an external address, the IP that you brought up on your network routes back through your local machine IP," he said. "If you use Linux to do this, when Windows users connect, they get the message: 'IP Conflict. Another computer on the network is using this IP address.'"

"Meanwhile, you get to play with as many IP addresses in that 128 block as you like," Millsom said. He said he had sent two emails to Excite@Home highlighting the problem but had had no response.

However, Excite@Home corporate communications manager Sheila Dhillon said the organisation's technical operations, engineering and security teams were aware of the issue and were working to resolve the matter with Cisco.

"The fix is available within our current infrastructure, and we are currently testing it within our lab environment. A resolution is not far off.

"In the meantime, it is important to note that we are monitoring the router logs for evidence of this type of malicious activity, and can immediately react by identifying the user and taking appropriate action in line with our Acceptable User Policy," she said.

"Our customer base has absolutely no reason to feel that the security of their computer system is at risk."
