Experiment triggers bug, crashing one percent of the Internet

Duke University and a European group conducted an experiment late last week that inadvertently uncovered a flaw in Cisco's (NASDAQ: CSCO) IOS XR operating system. Despite being designed for Cisco's carrier-grade CSR-1 routers, a bug in the implementation of its BGP routing logic eventually saw affected routers become unreachable, compelling the team to end the test within 30 minutes.

BGP, or the Border Gateway Protocol is used by routers to know where to send their data to. It is considered an extremely important component of the Internet, and security experts have warned in the past that hackers could cause widespread Internet disruptions if they can somehow manage to meddle with BGP data.

Earl Zmijewski, a general manager with Internet security firm Renesys described what happened: "Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this 'experiment' started."

Well, the affected IOS XR apparently corrupted the--much larger than usual--routing information originating from the test, corrupting it before passing it on. Many routers, upon receipt of the dodgy data, simply closed their network connection as an automated precaution.

This culminated in an estimated one percent of the Internet becoming briefly inaccessible. Cisco has since released a security advisory confirming the bug, and has also released a patch that fixes the problem.

For more on this story:
- check out this article at Computerworld
- check out this article at Computerworld

Related Articles:
White House preparing national Internet identity authentication plan
Google breaks the Internet, accidentally
Ouch! Everybody wants to beat Cisco
Next-gen wireless spec features multi-gigabit networking