'Serious vulnerability' found in Nortel VPNs

Dan Ilet, silicon.com

Published: 01 Jun 2005 09:30 BST

A security research company is warning Nortel customers to upgrade their VPN routers after it found a serious vulnerability in them.

The DoS vulnerability enables hackers to crash IPSec VPN machines using a specially designed UDP packet. NTA Monitor said it would withhold details of the vulnerability because it is so dangerous.

Roy Hills, technical director of NTA Monitor, said: "We believe this is a serious vulnerability. It's possible to identify Nortel VPN routers using UDP backoff fingerprinting and an attacker only needs to send a single, small UDP packet to identify the remote systems. We have determined that it's possible for an attacker with modest resources to scan the entire routed Internet address space within a few weeks and thus find all of the Nortel VPN router systems."

The attack also requires only a small piece of code to bring down thousands of machines at the same time: "This packet is less than 300 bytes in size, so an attacker with a 64Kb line could keep more than 7,000 Nortel VPN systems offline continuously, and someone with a 2Mb line has the potential to keep almost a quarter of a million systems offline."

NTA is urging companies to install a software patch that was issued by Nortel on Friday.

Nortel was not available for comment.

In March, NTA found a password flaw in Nortel's Contivity VPN client for Microsoft Windows.