Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Web Attack Crashes TippingPoint IPS

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Web Attack Crashes TippingPoint IPS
Date: Wed, 18 Jan 2006 03:07:31 -0600 (CST) 
http://www.eweek.com/article2/0,1895,1912048,00.asp

By Paul F. Roberts 
January 17, 2006 

Mysterious Web attack traffic caused some of 3Com Corp.'s TippingPoint
IPS devices to crash last week, requiring a hasty patch by the
company.

Some TippingPoint customers had their IPS (intrusion prevention
system) appliances crash while trying to process a specific kind of
Internet attack traffic last week.

The company learned of the problem on Friday and issued an update for
the TOS (TippingPoint OS) software within hours, said Laura Craddick,
TippingPoint's public relations manager.

At York University in Toronto, TippingPoint IPS devices began crashing
repeatedly on Friday, Jan. 13, prompting a call to the vendor, said
Ramon Kagan of the University's Computing and Network Services
department.

The crashes were caused by malicious HTTP traffic that attempted to
trigger a known security vulnerability in another product. The HTTP
attack traffic eventually caused the TOS software, which runs the IPS
company's appliances, to crash, bringing down the whole device, he
said.

Reports of the crashes were sporadic, because only a very specific
type of attack traffic triggered the hole, Kagan said. He declined to
provide details about the malicious traffic that crashed the IPS
devices.

Complaints about the problem reached the Austin, Texas, company on
Friday; about one day after TippingPoint shipped updated attack
signatures to its clients. 3Com released new versions of the TOS
software to address the issue, Craddick said.

Customers who were affected by the crashes speculated in an online
discussion group that they may have been caused by a conflict with new
attack signatures distributed the day before.

However, TippingPoint contends that the behavior was caused by a flaw
in the TOS software, not by a bad signature, Craddick said.

The university has been using TippingPoint's IPS technology for two
years, Kagan said.

With the TippingPoint appliance offline, staff at York University had
to deal with a mild increase in traffic, and used IDS (intrusion
detection system) software to filter out some attacks. However, Kagan
expressed satisfaction that 3Com responded within five hours with a
software patch that fixed the problem.

Customers who have not done so should upgrade their TippingPoint
appliances to version 2.1.4.6324 or 2.2.1.6506 of TOS, Craddick said.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Web Attack Crashes TippingPoint IPS, InfoSec News <=
Previous by Date:  [ISN] Banks to face no charges over India data theft incident, InfoSec News
Next by Date:  [ISN] Mac users 'too smug' over security, InfoSec News
Previous by Thread:  [ISN] Banks to face no charges over India data theft incident, InfoSec News
Next by Thread:  [ISN] Mac users 'too smug' over security, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]