From: Treece, Dennis (ISS Atlanta) (DTreece@iss.net)
Date: Thu Aug 30 2001 - 10:27:02 CDT




    Copyright 2001 Internet Security Systems (tm) THE POWER TO PROTECT

    =========================================================================
    INTERNET THREAT & SOLUTIONS UPDATE August 30th through September 3rd,
    2001
    ISS X-Force Special Operations Group

    =========================================================================

    ALERTCON 1 Today, August 30th, 2001:
    ALERTCON 1 Projected for August 31st through September 3rd, 2001:

    =========================================================================

    NOTE: Our web site is now available to the public at
    <http://www.iss.net/> then Click on the
    "Global Internet Threat Intelligence Service".

    =========================================================================
    CURRENT THREAT ASSESSMENT & THREAT FORECAST

    =========================================================================

    - We remain at AlertCon 1 for today and through Monday. While it is
    our lowest alert level, it is not "low". AlertCon 1 includes the
    determined, global, 24 x 7 attacks experienced by all networks.

    - We are still seeing an average of around 1,100 Code Red alarms an
    hour on our monitored networks worldwide, a clear indication of the
    number of unpatched machines still left in the wild. We remind IT
    professionals and home users alike to patch their Windows 2K and NT
    devices, whether you think you are vulnerable or not.
    - Home-based computers continue to be a weak link in any network and
    should be considered hostile unless the current condition of the OS,
    anti-virus software, and personal firewall are known. Remember that
    machines compromised by all versions of Code Red II will have a back
    door that needs to be removed. Solutions below.
    - The SANS Institute
    <http://www.sans.org/infosecFAQ/homeoffice/homeoffice_list.htm>
    offers home users a variety of computing solutions.
    - Various new vulnerabilities have been released for a range of
    vendors. Details available under Vulnerabilities
    <https://gtoc.iss.net/secure/vulnerabilityalerts.php>.

    =========================================================================
    SOLUTIONS

    =========================================================================

    - Regarding the continuing Code Red worm threat:
      -- Patch your IIS machines from the links noted below:
         --- Microsoft Windows 2000 Professional, Server and Advanced Server
         <http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800>
         --- Microsoft Windows NT version 4.0
         <http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833>
      -- Solutions provided by ISS and Black Ice include the following:
         --- X-Force Advisory <http://xforce.iss.net/alerts/advise90.php> dated
         August 6th, 2001 with recommended RealSecure
         <http://www.iss.net/customer_care/whats_new/index.php> XPU 3.1 or user
         defined for defense against the Code Red worm.
         --- ISS Internet Scanner
         <http://www.iss.net/securing_e-business/security_products/security_assessment/internet_scanner/index.php>
         with Flex Check <http://www.iss.net/eval/eval.php>
         --- ISS System Scanner
         <http://www.iss.net/securing_e-business/security_products/security_assessment/system_scanner/>
         --- Black Ice Sentry
         <http://www.networkice.com/products/blackice_sentry.html>
         --- Trend Micro <http://www.trendmicro.com> also has a variety of
         solutions towards detection and isolation of the Code Red worm as well
         as its backdoor component.

    - The X-Press Update (XPU) 3.2 for ISS Network Sensor contains 9 new
    signatures. Protection benefits of XPU 3.2 include:
      -- Application Protection. XPU 3.2 contains a signature to address a
      telnet buffer overflow vulnerability in systems that have telnet
      servers derived from BSD. The XPU also contains signatures to
      address ColdFusion vulnerabilities, and a signature to protect
      against a high-risk Oracle buffer overflow vulnerability.
      -- Web Servers. XPU 3.2 contains three signatures to address
      vulnerabilities in IIS web servers.
    - FREE VULNERABILITY SCAN: As a general solution to common computer
    security deficiencies, run the free security scanner provided by ISS
    and see how your own computer measures up for general security (not
    Code Red related). Try it from home too! Visit Online Scanner
    <https://onlinescanner.iss.net>.
    - Or, if you would like to conduct a comprehensive vulnerability
    assessment of your Windows NT or Windows 2000 home or office PC, check
    out ISS' flagship product, Internet Scanner. With nearly 1000 unique,
    CVE-compliant vulnerability checks, you will be able to assess the
    security risks of your system, generate a report with concise,
    detailed vulnerability descriptions and corrective action information,
    and begin mitigating risks immediately. For your free copy, go to
    <https://www.iss.net/cgi-bin/download/evaluation/evaluation-select.cgi>

    =========================================================================
    Attack Signatures - global IDS, midnight to midnight, previous day, %
    of total

    =========================================================================

    Unauth Access Attempts   29.89%
    Denial Of Service        28.96%
    Protocol Decode          24.54%
    Suspicious Activity      09.10%
    Pre-Attack Probe         07.47%
    Back Doors               00.05%

    =========================================================================
    Top Ten Destination Ports - global IDS, midnight to midnight, previous
    day, % of top ten
    =========================================================================

    80    (web)           77.93%
    25    (mail)          05.68%
    21    (ftp)           03.46%
    3804  (unassigned)    03.16%
    32666 (unassigned)    02.42%
    1338  (wmc log svc)   01.74%
    37264 (unassigned)    01.73%
    161   (snmp)          01.43%
    1286  (netuitive)     01.43%
    14551 (unassigned)    01.01%
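The two tables above use different denominators: the signature table gives each category's share of all events in the window, while the port table gives each port's share of the top ten only, so the port figures cannot be compared directly with a share of total traffic. The Python below is an added illustration, not ISS code or data; it runs both aggregations over a constructed set of IDS events for the midnight-to-midnight GMT previous-day window the headings describe.

```python
from collections import Counter
from datetime import date, datetime, timedelta, timezone
# Constructed sample IDS events, not real ISS sensor data: (UTC timestamp, category, destination port).
SAMPLE_EVENTS = [
    ("2001-08-29T00:15:00", "Unauth Access Attempts", 80),
    ("2001-08-29T01:20:00", "Denial Of Service", 80),
    ("2001-08-29T03:05:00", "Protocol Decode", 25),
    ("2001-08-29T08:30:00", "Pre-Attack Probe", 21),
    ("2001-08-29T10:00:00", "Unauth Access Attempts", 80),
    ("2001-08-29T12:45:00", "Suspicious Activity", 161),
    ("2001-08-29T18:10:00", "Back Doors", 3804),
    ("2001-08-29T23:59:59", "Denial Of Service", 80),
    ("2001-08-30T00:00:00", "Unauth Access Attempts", 80),  # report day itself: excluded
    ("2001-08-28T23:59:59", "Protocol Decode", 25),         # two days back: excluded
]
REPORT_DATE = date(2001, 8, 30)  # the update's publication date

def previous_day_window(report_date):
    """Midnight-to-midnight GMT window for the day before the report date."""
    start = datetime(report_date.year, report_date.month, report_date.day,
                     tzinfo=timezone.utc) - timedelta(days=1)
    return start, start + timedelta(days=1)

def events_in_window(events, start, end):
    """Keep events with start <= timestamp < end; timestamps are taken as UTC."""
    when = lambda ts: datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
    return [(cat, port) for ts, cat, port in events if start <= when(ts) < end]

def pct(count, denominator):
    return round(100.0 * count / denominator, 2)

def signature_breakdown(events):
    """Category shares as '% of total': the denominator is every event in the window."""
    counts = Counter(cat for cat, _ in events)
    total = sum(counts.values())
    return {cat: pct(n, total) for cat, n in counts.most_common()}

def top_ports(events, n=10):
    """Top-n ports as '% of top n': the denominator is only the events on those n ports."""
    ranked = Counter(port for _, port in events).most_common(n)
    top_total = sum(count for _, count in ranked)
    return [(port, pct(count, top_total)) for port, count in ranked]

def daily_report(events, report_date, n=10):
    window = events_in_window(events, *previous_day_window(report_date))
    return {"events": len(window), "signatures": signature_breakdown(window),
            "ports": top_ports(window, n)}
if __name__ == "__main__":
    print(daily_report(SAMPLE_EVENTS, REPORT_DATE, n=3))
```

With n=3 on the sample, port 80 carries half of all events but two thirds of the top-three total, which is the gap between the two headings' denominators.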

    =========================================================================
    VULNERABILITIES

    =========================================================================

    - Check out the web site at www.iss.net <http://www.iss.net> under
    Global Internet Threat Intelligence Service.

    =========================================================================
    MALICIOUS LOGIC

    =========================================================================

    - Check out the web site at www.iss.net <http://www.iss.net> under
    Global Internet Threat Intelligence Service.

    =========================================================================
    WEB SITE DEFACEMENTS

    =========================================================================

    - No update today

    =========================================================================
    BREAKING NEWS

    =========================================================================

    - No stories made the cut today.

    =========================================================================
    DISCLAIMER AND COPYRIGHT NOTICE

    =========================================================================

    We provide this information on Internet threat metrics, viruses,
    vulnerabilities, patches, and breaking news, in the spirit of PDD 63,
    to help security professionals wage the war against Internet threats
    more effectively. Information in this update is derived primarily from
    global, real-time, 24 x 7 IDS feeds, ISS X-Force R&D Team research,
    and professional liaison. Other sources as noted. AlertCon 1 reflects
    the global, malicious, determined, 24 x 7 attacks experienced by all
    networks. AlertCon 2 means increased vigilance/action recommended due
    to a specific threat or concern. AlertCon 3 means increased attacks
    against specific targets or vulnerabilities on a scale that is
    unusually high; action required. AlertCon 4 reflects an Internet
    emergency for a target or group of targets whose business continuity
    may depend on some sort of immediate, decisive action. All summaries
    cover the 24 hours of the previous workday, GMT. Monday summaries may
    cover some weekend activity.

    Copyright 2001 Internet Security Systems, Inc. Permission is granted
    for the redistribution of the Internet Threat Update electronically.
    It is not to be sold or edited in any way without express consent of
    ISS. Refer comments or questions to dtreece@iss.net
    <mailto:dtreece@iss.net>. Disclaimer: This information is
    subject to change without notice. Use of this information constitutes
    acceptance for use in an "as is" condition. There are no warranties
    with regard to this information. In no event shall the author be
    liable for any damages whatsoever arising out of or in connection with
    the use or spread of this information. Any use of this information is
    at the user's own risk. No other use is authorized without written
    permission from ISS. Provided in MS Word with digital signature;
    invalid without this signature from the sender or InfraGard Atlanta.

    Dennis
    Dennis Treece
    Director,
    Global MSS Special Operations Group
    Internet Security Systems (ISS)
    6303 Barfield Road
    Atlanta, Georgia 30328
    404-236-4065
    Cell 404-667-9345
    Fax 404-236-2626

    Internet Security Systems -- The Power to Protect
