From: Gray, Patrick (ISS Atlanta) (PGrayiss.net)
Date: Thu Apr 25 2002 - 09:01:02 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    INTERNET RISK UPDATE for 04-25-2002
    ISS X-Force Internet Threat Intelligence Center

    www.iss.net - Click on AlertCon logo for more
    information.

    ********************************************
    ALERTCON 1
    Projected: AlertCon 1
    ********************************************

    ALERTCON 1 - We are at AlertCon 1, the usual
    chaotic state of the Internet.

    Vulnerabilities: According to several sources,
    U.S. intelligence officials are warning of
    possible cyber-attacks on U.S. and Taiwanese
    computer networks by both Chinese military and
    students in the next few weeks. Officials are
    concerned that the planned attacks are aimed at
    damaging and/or disrupting computer systems
    through the use of Internet hacking and computer
    viruses.

    VIRUSES/WORMS: Nothing new to report this morning
    other than a few nuisances and socially
    engineered-type viruses. Good time to update
    your anti-virus solution of choice.

    ********************************************
    RECOMMENDATIONS
    ********************************************

    For further information regarding the U.S.
    intelligence officials' warning, please refer to
    the following articles:
    http://www.siliconvalley.com/mld/siliconvalley/3132466.htm
    http://www.latimes.com/news/nationworld/world/la-042502china.story

    For a list of current vulnerabilities, please
    see:
    https://gtoc.iss.net/vulnerabilities.php

    For information regarding viruses and worms,
    please see:
    https://gtoc.iss.net/viruses.php

    RealSecure® Network Sensor X-Press Update 4.3 is
    now available from the ISS Download Center:
    http://www.iss.net/download/

    ********************************************

    FACTOID: Some PDA devices function as a cellular
    phone, pager, or even a laptop replacement, which
    provides more connectivity and power, but puts
    users at an increased risk for virus infection.
    Three viruses have targeted Palm devices: the
    Liberty Crack Trojan horse and the Phage and
    Vapor viruses. Remember, your network is only as
    strong as its weakest point.

    ********************************************
    ATTACK SIGNATURE RANKING - global IDS, midnight -
    midnight, previous day, % of total
    ********************************************

    Protocol Decode               45.37%
    Unauthorized Access Attempt   26.20%
    Denial Of Service             14.76%
    Suspicious Activity           10.37%
    Pre-Attack Probe              03.16%
    Back Door                     00.14%

    ********************************************
    TOP TEN ATTACK DESTINATION PORTS - global IDS,
    midnight - midnight, previous day, % of top ten
    (ports found at)
    http://www.networkice.com/Advice/Exploits/Ports/default.htm
    ********************************************

    80    (http)             79.58%
    22    (ssh)              05.60%
    161   (SNMP)             04.86%
    25    (smtp)             02.62%
    1028  (unassigned)       02.60%
    21    (ftp)              01.79%
    1500  (ADSM/TSM)         01.01%
    15104 (unassigned)       00.71%
    6723  (unassigned)       00.64%
    515   (lp,lpr,printer)   00.58%

    ********************************************
    BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER
    ********************************************

    Background. We provide this information in the
    spirit of PDD 63 to help security professionals
    wage the war against Internet threats more
    effectively. Information in this update derived
    primarily from global, real time, 24 x 7 IDS
    feeds, ISS X-Force R&D Team research, and
    professional liaison. Other sources as noted.
    AlertCon 1 reflects the global, malicious,
    determined, 24 x 7 attacks experienced by all
    networks. AlertCon 2 means increased
    vigilance/action recommended due to a specific
    threat or concern. AlertCon 3 means increased
    attacks against specific targets or
    vulnerabilities on a scale that is unusually
    high, action required. AlertCon 4 reflects an
    Internet emergency for a target or group of
    targets whose business continuity may depend on
    some sort of immediate, decisive action. All
    summaries cover 24 hours the previous workday,
    GMT. Monday summaries may cover some weekend
    activity.

    Copyright 2002 Internet Security Systems, Inc.
    Permission is granted for the redistribution of
    the Internet Threat Update electronically. It is
    not to be sold or edited in any way without
    express consent of ISS. Refer comments or
    questions to: pgrayiss.net or dtreeceiss.net

    Disclaimer: This information is subject to change
    without notice. Use of this information
    constitutes acceptance for use in an 'as is'
    condition. There are no warranties with regard to
    this information. In no event shall the author be
    liable for any damages whatsoever arising out of
    or in connection with the use or spread of this
    information. Any use of this information is at
    the user's own risk. No other use authorized.
    FOIA Exemption 4.

    You can download the public key from MIT's PGP
    key server and PGP.com's key server.

    Patrick Gray
    Manager, X-Force
    Internet Threat Intelligence Center
    Internet Security Systems
    6303 Barfield Road
    Atlanta, GA 30328

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.4

    iQA/AwUBPMgNF5G41ROSQPncEQJyLwCgwxgJEgEWCKLcUpyublP/z3dl+AcAn2rJ
    YkWQ4aH4+VrGch29LJe5dGqI
    =0pg2
    -----END PGP SIGNATURE-----