From: Treece, Dennis (ISS Atlanta) (DTreeceiss.net)
Date: Tue Sep 18 2001 - 11:30:43 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Copyright 2001 Internet Security Systems (trademark)
    THE POWER TO PROTECT

    NOTE: Our web site with this information in more attractive format and
    graphics is available to the public at no cost at
    <http://www.iss.net/> under "Global Internet Threat Intelligence
    Service". Screen captures of the site's pages can be an effective way
    to communicate various aspects of the Internet threat, e.g. the graph
    depicting "AlertCon Trends".

    INTERNET THREAT & SOLUTIONS UPDATE for September 18th - 20th, 2001
    ISS X-Force Special Operations Group

    - --------------------------------------
    CURRENT THREAT ASSESSMENT & THREAT FORECAST
    - --------------------------------------

    AlertCon 3 Today, September 18th, 2001
    AlertCon 3 Projected for September 19th - 20th, 2001

    *************

    - - Things were normal until 9:30 AM when all heck broke loose. Everyone
    is reporting the activity but there is little analysis available at
    this time and lots of speculation.

    - - We are looking at what appears to be a modified Code Red II worm
    that uses multiple ways to infect new hosts, including Outlook.

    - - We will have an analysis of this thing out later today.

    - ---------------------------------------
    SOLUTIONS
    - ---------------------------------------

    - - Patch your Win 2K and NT machines from these links:
    - -- Win 2K
    <http://www.microsoft.com/windows2000/downloads/critical/q300972/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D30800%26redirect%3Dno>
    - -- Win NT
    <http://www.microsoft.com/ntserver/nts/downloads/critical/q300972/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D30833%26redirect%3Dno>

    - - Make sure Outlook is patched, and advise your users to avoid opening
    any attachment with a .exe, .txt, or .vbs extension

    - ---------------------------------------
    Attack Signatures - global IDS, midnight - midnight, previous day, %
    of total
    - --------------------------------------

    Denial Of Service 37.01%
    Unauth Access Attempts 30.64%
    Protocol Decode 15.59%
    Pre-Attack Probe 11.44%
    Suspicious Activity 05.24%
    Back Doors 00.09%

    - ---------------------------------------
    Top Ten Destination Ports - global IDS, midnight - midnight, previous
    day, % of top ten (port assignments found at
    <http://www.iana.org/assignments/port-number>)
    - ---------------------------------------

    80 (http) 78.46%
    25 (smtp) 11.82%
    21 (ftp) 05.34%
    139 (net bios ss) 00.97%
    69 (tft) 00.87%
    443 (https) 00.76%
    123 (ntp) 00.55%
    53 (dns) 00.43%
    6768 (bmc pmgrd) 00.42%
    143 (imap) 00.37%

    - ---------------------------------------
    VULNERABILITIES
    - ---------------------------------------

    - - Check out the web site at <http://www.iss.net/> Under Global
    Internet Threat Intelligence Service.

    - ---------------------------------------
    MALICIOUS LOGIC
    - ---------------------------------------

    - - Check out the web site at <http://www.iss.net/> Under Global
    Internet Threat Intelligence Service.

    - ---------------------------------------
    BREAKING NEWS
    - ---------------------------------------

    - - Check out the web site at <http://www.iss.net/> Under Global
    Internet Threat Intelligence Service.

    - ---------------------------------------
    DISCLAIMER AND COPYRIGHT NOTICE
    - ---------------------------------------

    We provide this information on Internet threat metrics, viruses,
    vulnerabilities, patches, and breaking news, in the spirit of PDD 63,
    to help security professionals wage the war against Internet threats
    more effectively. Information in this update is derived primarily from
    global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research,
    and professional liaison. Other sources as noted. AlertCon 1 reflects
    the global, malicious, determined, 24 x 7 attacks experienced by all
    networks. AlertCon 2 means increased vigilance/action recommended due
    to a specific threat or concern. AlertCon 3 means increased attacks
    against specific targets or vulnerabilities on a scale that is
    unusually high, action required. AlertCon 4 reflects an Internet
    emergency for a target or group of targets whose business continuity
    may depend on some sort of immediate, decisive action. All summaries
    cover 24 hours the previous workday, GMT. Monday summaries may cover
    some weekend activity.

    Copyright 2001 Internet Security Systems, Inc. Permission is granted
    for the redistribution of the Internet Threat Update electronically.
    It is not to be sold or edited in any way without express consent of
    ISS. Refer comments or questions to dtreeceiss.net
    <mailto:dtreeceiss.net>. Disclaimer: This information is subject to
    change without notice. Use of this information constitutes acceptance
    for use in an "as is" condition. There are no warranties with regard
    to this information. In no event shall the author be liable for any
    damages whatsoever arising out of or in connection with the use or
    spread of this information. Any use of this information is at the
    user's own risk. No other use authorized. FOIA Exemption 4.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 6.5

    iQA/AwUBO6d22+OOe/7N9KJeEQJlWACg+62HI6C4vzsn3zndKsHKNRUvxFUAoJvp
    aiaw6LuxPgWcDBRPEXKYz2ya
    =mFzF
    -----END PGP SIGNATURE-----