TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 INTERNET THREAT UPDATE for 12-13-2001 ISS X-Force Special Operations Group www.iss.net <http://www.iss.net> - Click on 'Current Internet Threat' for more information. ****************************************************** ALERTCON 2 Projected AlertCon 3 ****************************************************** - - We remain at AlertCon 2 - heightened awareness - because of the recently publicized System V derived login vulnerability that affects multiple vendor applications and results in remote access with super-user privileges. - - Because the exploit is in the wild we anticipate exploitations of this vulnerability. When we see this happening we will raise the AlertCon to 3 (active, focused threat). - - AlertCon trending, FYI. Since May 1st when we began assigning numerical designators to the Internet threat, we have been at AlertCon 1 (normal chaos) 51% of the time, at AlertCon 2 (heightened awareness) 34% of the time, AlertCon 3 (active, focused threat) 14% of the time and AlertCon 4 (Internet emergency) just under 1% of the time (only two days of AlertCon 4, July 30th and August 1st, for the Code Red Worm wake-up call). - ------------------------------------------------------ RECOMMENDATIONS - ------------------------------------------------------ - - See the X-Force advisory for details, solutions to the SysV derived login vulnerability. <http://xforce.iss.net/alerts/advise105.php> - - Additional information is available in CERT-CC advisory CA 2001-34 <http://www.cert.org/advisories/CA-2001-34.html> - ------------------------------------------------------ ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous day, % of total - ------------------------------------------------------ Unauth Access Attempts 56.11% Protocol Decodes 20.12% Pre-Attack Probes 15.30% Denial Of Service 07.19% Suspicious Activity 01.25% Back Door 00.03% - ------------------------------------------------------ TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ten (ports found at) <http://www.networkice.com/Advice/Exploits/Ports/default.htm> - ------------------------------------------------------ 80 (http) 78.76% 22 (ssh) 13.76% 25 (smtp) 01.64% 69 (tftp) 01.48% 21 (ftp) 01.39% 23 (telnet) 01.26% 137 (netbios-ns) 00.88% 12754 (unassigned) 00.32% 15104 (unassigned) 00.26% 443 (https) 00.26% - ------------------------------------------------------ BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER - ------------------------------------------------------ Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks. AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern. AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required. AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2001 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Threat Update electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> or [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. Dennis Dennis Treece Director, X-Force Special Operations Group Internet Security Systems (ISS) 6303 Barfield Road Atlanta, Georgia 30328 -----BEGIN PGP SIGNATURE----- Version: PGP 6.5 iQA/AwUBPBjZ1OOOe/7N9KJeEQLPawCfeI74NWsA/9SnVN5yBmteF0TtqFgAniYf ZxxfTr8859n5e9d1b0optjGq =p+Ne -----END PGP SIGNATURE-----
