Watson shared his plans with government computer security officials in the US and UK, who coordinated a response with vendors and major network operators. “We have known about the fixes for about a week and implemented them last weekend,” said Bill Hancock, Chief Security Officer for Savvis Communications, which operates the former Cable & Wireless US network backbone. Communication was handled through back-channels established in February 2001 to deploy patches for the SNMP protocol, Hancock said.
The use of MD5 authentication shouldn’t affect network performance, Hancock said. “MD5 is an efficient checksum facility and most network operators never operate the core backbones at max capacity, and are intentionally overengineered to deal with situations like this as well as network overloads,” he said.
Adding BGP authentication is not a trivial undertaking, however, and network security teams were also busy installing critical Microsoft security updates, which took on an urgent quality amid rumors of a Windows “super exploit”. The repair window for the TCP flaw may have been shorter than hoped, as posts to network operator mailing lists suggest the bulletins were released a day early due to press attention.
Some network professionals say the TCP issue is overstated. If a hacker with a network of bots desires to take out a router, they argue, it’s simpler to overwhelm the device with a brute-force DoS attack than take the time and effort to exploit the TCP weakness. Hancock, who advocates a complete overhaul of core Internet protocols to make them more secure, calls it a “medium-level vulnerability.” A new IETF submission proposes small changes in TCP to address the issue.