New Cisco advisory outlines fix for ARP storms on wireless LANs

Cisco unveils details of what caused ARP storms on Duke’s wireless LAN.
By John Cox, NetworkWorld.com, 07/24/2007

Cisco has just released a new security advisory that details what caused the address storms that recently afflicted Duke University’s wireless net.

The advisory, posted on the company’s Web site, says that Cisco’s wireless LAN controllers have “multiple vulnerabilities in the handling of Address Resolution Protocol (ARP) packets.” These vulnerabilities “could result in a denial of service (DoS) in certain environments.” The vendor is offering free software to patch this problem, and notes that “there are workarounds to mitigate the effects of these vulnerabilities.”

In keeping with Cisco’s standard format, the advisory makes no reference to the events at Duke, which were first reported a week ago. At the time, intermittent floods or storms of ARP requests were taking 20 to 30 WLAN access points off line for 10 to 15 minutes. The events involved the newly released Apple iPhone.

But a Cisco spokesman confirmed that the advisory deals with the problem uncovered at Duke. “To date, we have not seen widespread issues relating to Apple iPhone across our customers’ networks,” the spokesman wrote in an e-mail response.

The baffling problem, occurring at least nine times at Duke over about a week, triggered a wave of reader speculation, rants, and recommendations on Networkworld.com and other Internet tech sites.

The advisory finally makes it clear that the iPhone simply triggered the ARP storms that were made possible by the controller vulnerabilities. Any other wireless client device moving from one subnet to another apparently could have done the same thing.

According to the advisory, the vulnerabilities are found in versions 4.1, 4.0, and 3.2 and earlier of the company’s Wireless LAN Controller software. Affected products include the 4100 and 4400 series of controllers, the earlier Cisco-Airespace 4000 series controller (introduced shortly after Cisco acquired Airespace), the Catalyst 6500 series Wireless Services Module (WiSM, a single-board version of the controller), and the Catalyst 3750 Integrated Wireless LAN Controller.

Many other products are immune to these vulnerabilities, according to Cisco, including the 2000 and 2100 series controllers, various stand-alone access points, and the 3800, 2800, and 1800 series of Integrated Services Routers.

Comments (29)

iPhone horsepower (! ,?)
By steverose on July 28, 2007, 4:50 pm
I'm glad it's resolved, and iPhone wasn't to blame, but I was most impressed that the network experts figured a tiny iPhone could send 10 megabits of small packets...

I upgraded the entire
By Anonymous on July 26, 2007, 4:26 pm
I upgraded the entire wireless network at a Major League Baseball Stadium with (30) 1242 APs and (1) 4402 WLC and I’m receiving a flood of ARP packets from what...

RFC 4436 is a Proposed Standard
By Anonymous on July 26, 2007, 3:20 pm
As noted on the second line of the RFC. Also, while Apple made a contribution they did not invent it since early versions of the draft had no Apple contributors....

Perhaps you should read the
By Anonymous on July 26, 2007, 11:41 am
Perhaps you should read the first ten lines of the RFC. It is something Apple invented, they wrote the RFC with Microsoft and Sun. Three client software companies...

Time to practice better journalism
By khoyt2 on July 25, 2007, 5:16 pm
I think you and nearly every other IT, business and general news journalists have been too quick to "pull the trigger" when reporting on the iPhone. As a result...
