The Platform: The Official Cisco Blog

« Networkers Video Blog - Rena Hu, HP | Main | Cisco Unveils Plans to Transform the Data Center »

July 24, 2007

Cisco, Duke University and Apple's iPhone

In early July, Duke University began seeing portions of its wireless network reset and come back online 10-15 minutes later. After a preliminary investigation from Duke's IT staff, it was determined that Apple iPhones were likely involved with Cisco wireless access points relating to Address Resolution Protocol (ARP) requests. Duke reached out to Cisco and Apple for assistance to help find the root cause and to determine how to mitigate this issue.

The specific issue occurs in certain environments when Cisco equipment incorrectly processes ARP frames sent by the iPhone. Because this issue has the potential to cause a denial-of-service (DoS) response from the network, Cisco has prepared a security advisory for its customers and partners. Because there have been numerous reports in both tech and business media, Cisco felt the need to set the record straight. This was done because the majority of coverage to date has been centered on Apple and Duke.

Cisco takes interoperability and security issues very seriously. We follow well-established processes to ensure that we address issues in an open and constructive fashion. At this time, the situation at Duke has been resolved. There have been no recurrences since, and we have not seen widespread issues of this nature across our customers’ networks.

We’d like to acknowledge Duke for being a tremendous partner and helping in the resolution of the issue. Cisco is 100 percent committed to continually improving the security and reliability of our customers’ and partners’ networks.

Cisco has proactively addressed this situation and published a security advisory with full details. There is a software fix available, and customers should follow the instructions on the security advisory for details on downloading and installing fixed software.

Duke's update on this issue.

Posted by John Earnhardt on July 24, 2007 10:15 AM

Trackback Pings

TrackBack URL for this entry:
http://blogs.cisco.com/cgi-bin/mt/mt-t.cgi/1014

Comments


Post a Comment




Remember Me?

(you may use HTML tags for style)


 

Legal Disclaimer

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.

© 1992-2007 Cisco Systems, Inc. All rights reserved.