Seemingly, a security hole in a key security protocol used all over the Internet
has been found by great minds at the University of Oulu in Finland. Boffins there claim that there is a flaw in the Internet Security Association and Key Management Protocol (ISAKMP) that could lead to a serious denial of service attack. ISAKMP is utilised in IPSec virtual private networking, as well as in several Internet products such as network and firewall devices from Cisco Systems and Juniper Networks. Given the wide scale of its usage, the problem is potentially huge.
The security hole was so serious that the Finnish results were jointly issued by the British National Infrastructure Security Co-ordination Centre and the Finnish CERT to give it some weight.
Cisco and Juniper have acknowledged that some of their products are at risk. Cisco said the security flaw could cause devices to reset which could cause a temporary denial-of-service attack.