You are here: silicon.com > Management > IT Director

IT Director

"Serious" DoS flaw found in Nortel VPNs

Not so private now...

Tags: nta, nortel

By Dan Ilett

Published: 31 May 2005 17:05 GMT

A security research company is warning Nortel Networks customers to upgrade their virtual private network (VPN) routers after it found a serious vulnerability in them.

The denial of service vulnerability enables hackers to crash IPSec VPN machines using a specially designed UDP packet. NTA Monitor said it would withhold details of the vulnerability because it is so dangerous.

Roy Hills, technical director of NTA Monitor said: "We believe this is a serious vulnerability. It's possible to identify Nortel VPN routers using UDP backoff fingerprinting and an attacker only needs to send a single, small UDP packet to identify the remote systems. We have determined that it's possible for an attacker with modest resources to scan the entire routed internet address space within a few weeks and thus find all of the Nortel VPN router systems."

Hills said the attack was serious because it is possible to find Nortel devices on the internet using simple hacker "fingerprinting" techniques. The attack also requires only a small piece of code to bring down thousands of machines at the same time: "This packet is less than 300 bytes in size, so an attacker with a 64Kb line could keep more than 7,000 Nortel VPN systems offline continuously, and someone with a 2Mb line has the potential to keep almost a quarter of a million systems offline."

NTA is urging companies to install a software patch that was issued by Nortel on Friday.

Nortel was not available for comment.

In March, NTA found a password flaw in Nortel's Contivity VPN client for Microsoft Windows.

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Naked CIO Naked CIO: Social networks are useless for finding a job 'Quantity over quality' approach poisoning professional networks

Peter Cochrane Peter Cochrane's Blog: Uneconomics We must move away from short-termism to prevent next economic crisis


  • Jobs
Infrastructure Analyst

Experience: • Exchange 2003 installation, configuration and administration • Exchange migration using ADMT • Active Directory ...

IT Service Desk / Trainer Backfill Analyst

To be a successful candidate for this role you must have the following experience: - Service desk Support *Exposure to various applications such as: ...

SOC ANALYST (YORKSHIRE), SECURITY CLEARED SC. PERMANENT 30k - 40k

Experience with vulnerability assessment would be valuable. SOC ANALYST, Security Cleared (SC). ROTHERHAM - PERMANENT 30k - 40kNB: If you are ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: