Excite@Home IP flaw exposed
Excite@Home -- an Internet service run in Australia by Cable & Wireless Optus -- has warned it will take action against anybody who attempts utilise an IP vulnerability that allows a single user to block up to 127 IP addresses, effectively shutting people out of the service.
The company has admitted the problem but denies that there is any security risk to subscribers' computer systems.
The fault came to light Thursday when Excite subscriber Ian Millsom made the vulnerability public after he claimed the ISP had ignored the information he had provided them.
Millsom provided details of how to route 127 IPs through a single IP address.
"When you traceroute from an external address, the IP that you brought up on your network routes back through your local machine IP," he said. "If you use Linux to do this, when Windows users connect, they get the message: 'IP Conflict. Another computer on the network is using this IP address.'"
"Meanwhile, you get to play with as many IP addresses in that 128 block as you like," Millsom said. He said he had sent two emails to Excite@Home highlighting the problem but had had no response.
However, Excite@Home corporate communications manager Sheila Dhillon said the organisation's technical operations, engineering and security teams were aware of the issue and were working to resolve the matter with Cisco.
"The fix is available within our current infrastructure, and we are currently testing it within our lab environment. A resolution is not far off.
"In the meantime, it is important to note that we are monitoring the router logs for evidence of this type of malicious activity, and can immediately react by identifying the user and taking appropriate action in line with our Acceptable User Policy," she said.
"Our customer base has absolutely no reason to feel that the security of their computer system is at risk."
Take me to the Summer of Hacking Special
Take me to Hackers
What do you think? Tell the Mailroom. And read what others have said.