Networks on yellow alert over ICMP flaw
ISPs and enterprises were this week advised to update their internet communications infrastructure following the discovery of a vulnerability affecting a raft of major suppliers including Cisco, Juniper, Microsoft and IBM to varying degrees.
Security researchers have discovered that multiple TCP/IP implementations fail to adequately validate Internet Control Message Protocol (ICMP) error messages. As a result, hackers could reset or slow an established connection using spoofed ICMP error messages.
By John Leyden at The Register.
[ Read more ]