A security research company is warning Nortel customers to upgrade their VPN routers after it found a serious vulnerability in them.
The DoS vulnerability enables hackers to crash IPSec VPN machines using a specially designed UDP packet. NTA Monitor said it would withhold details of the vulnerability because it is so dangerous.
Roy Hills, technical director of NTA Monitor said: "We believe this is a serious vulnerability. It's possible to identify Nortel VPN routers using UDP backoff fingerprinting and an attacker only needs to send a single, small UDP packet to identify the remote systems. We have determined that it's possible for an attacker with modest resources to scan the entire routed Internet address space within a few weeks and thus find all of the Nortel VPN router systems."
The attack also requires only a small piece of code to bring down thousands of machines at the same time: "This packet is less than 300 bytes in size, so an attacker with a 64Kb line could keep more than 7,000 Nortel VPN systems offline continuously, and someone with a 2Mb line has the potential to keep almost a quarter of a million systems offline."
NTA is urging companies to install a software patch that was issued by Nortel on Friday.
Nortel was not available for comment.
In March, NTA found a password flaw in Nortel's Contivity VPN client for Microsoft Windows.
In order to post a comment you need to be registered and logged in
Log in or create your ZDNet UK account below
By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Membership FAQ
this spam bot is exasperating
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband :D I think the server exchange does slow down a bit round 5 to 7/8 pm but I find I mostly get 3 to 4 MBps on downloads and by that time there...
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband night before last
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband 5MBps, I saw 5.8
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband honestly I do get
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband thank you for the support. ..but in
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband if you download a BIG file from the MS site then THAT is your *true* speed.
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband Hi Fat Pop Do Wop!
1 hour ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband it filters the word 'aittude' mis spelled intentionally
1 hour ago by dava4444 on How to build a GUI for a toaster but with a fair amount of work, possibly. God Bless Dava
1 hour ago by dava4444 on How to build a GUI for a toaster But I think Googles idea could be developed into an able paradigm. right now, no.
1 hour ago by dava4444 on How to build a GUI for a toaster took there repos down for Ubuntu (I think there back now but they took a few months). I don't think there is a perfect answer,
4 hours ago by dava4444 on How to build a GUI for a toaster but the community coding and ideas would be gratis, maybe that's why OEM's can be 'slackers' when it comes to Linux. they just sit back and let...
4 hours ago by dava4444 on How to build a GUI for a toaster continued the bad point about that is hardware, a rival OEM can take your development and use it themselves and to retaliate you would have to go...
4 hours ago by dava4444 on How to build a GUI for a toaster continued Okay how about something like Google's approach 'semi-open source'? . the OEM pours cash in to development and code, whilst opening it...
4 hours ago by dava4444 on How to build a GUI for a toaster Hi Adrian em, interesting, yeah okay I can get this vibe, if I wanted VRec on my Tele I would need an embedded and tiny OS and you're totally...
4 hours ago by dava4444 on How to build a GUI for a toaster Hi Adrian been trying to post for three days .this spam bot is a nightmare. Dava
4 hours ago by dava4444 on How to build a GUI for a toaster Hi James I totally agree. The new site makes me want to come and post, but the spam bot refers me at every turn. I even at one point, thought I...
4 hours ago by dava4444 on Spam? Filter Changed?
the future of mobile will be location and context aware. This means, you will have apps that will suggest you depending where you are right...
6 hours ago by sameerhere on Symbian^3 will do resistive multitouch, says Nokia hello i would like to have some form of a answer to this question as it concerns the goverment i want to know why if your on state benefits as a...
6 hours ago by kenye2009 on ITN to launch ITV online news serviceFor multi-store outlets, including retail, banking, grocery, gas, hospitality, convenience stores and others, reducing (or avoiding) the cost of in-store system support and maintenance while maintaining compliance with PCI and other requirements has become a strategic challenge.
Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc. As Enterprises are increasingly connected to the Internet and as hard organizational boundaries are fast disappearing, security professionals are facing fresh challenges in Enterprise computing.
This tutorial is for new MindManager users and teaches you how to get started, by creating maps, reading maps and organizing your information.
