TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 INTERNET RISK UPDATE for 07-08-2002 ISS X-Force Internet Threat Intelligence Center www.iss.net - Click on the AlertCon logo for more information. ******************************************** ALERTCON 1 Projected: AlertCon 1 ******************************************** ALERTCON 1 - we have reduced our risk level, yet will be cognizant of the risk that active exploits of the Apache and OpenSSH vulnerabilities pose. VULNERABILITIES: We still are harping on the Apache and OpenSSH vulnerabilities as nothing else has percolated to the surface which would pose more of a risk to your networks at this time. Please take a moment to download and peruse the ISS X-Force Internet Risk Impact Summary just released. It is available on the ISS Web site. VIRUSES/WORMS: WORM_LIAC.A - This worm sends itself to all email addresses listed on the infected system's Microsoft Outlook Address Book. It is petite-compressed and carries an icon of a movie file. This worm is rated as a low risk at this time. ******************************************** RECOMMENDATIONS ******************************************** OpenSSH: ISS X-Force recommends that system administrators disable unused OpenSSH authentication mechanisms. For further information on this solution and affected products, please review the advisory. http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=2058 4 Apache: The X-Force has released an advisory with patching instructions for the default setting of the Apache HTTP Server. This advisory requires immediate action on behalf of all system users with Apache HTTP Server. See Apache for additional details. http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=2052 4 http://httpd.apache.org/info/security_bulletin_20020617.txt For a list of current vulnerabilities, please see: https://gtoc.iss.net/vulnerabilities.php For the Worm/Virus of the day, please refer to: <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ LIAC.A> Information regarding other viruses and worms please see: https://gtoc.iss.net/viruses.php ******************************************** FACTOID: The National Research Council last month released a report that experts describe as a blueprint for the Bush administration's long-term plan to use IT and other technologies to fight the war on terrorism. The report, "Making the Nation Safer: The Role of Science and Technology in Countering Terrorism," released on June 25, offers a detailed plan for the research, development and deployment of IT systems to enhance homeland security. It also recommends the establishment of a private sector Homeland Security Institute to research and test future technology proposals and calls for the deployment of an "intelligent, adaptive electric power grid" to withstand catastrophic failures caused by physical damage or cyber disruptions. ******************************************** ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous Day, % of total ******************************************** Protocol Violation 38.99% Unauthorized Access Attempt 29.53% Pre-Attack Probe 20.61% Suspicious Activity 06.94% Denial Of Service 03.92% Back Door 00.01% ******************************************** TOP ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ports (ports found at) http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html ******************************************** 80 (http) 70.69% 21 (ftp) 11.67% 111 (sunrpc) 03.51% 25 (smtp) 03.42% 161 (SNMP) 03.41% 69 (tftp) 02.93% 162 (SNMPTrap) 01.56% 22 (ssh) 01.14% 139 (NetBIOS) 00.85% 53 (DNS) 00.81% ******************************************** BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER ******************************************** Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 - Internet risk baseline reflecting the malicious, determined, global, 24/7 attacks experienced by all networks connected to the Internet. In simple terms, AlertCon 1 indicates that a newly configured computer will be compromised within 24 hours of first being connected to the Internet. AlertCon 2 means increased vigilance is necessary. The potential exists for increased risk because of new vulnerabilities or credible threats to the confidentiality, integrity, and/or availability of computer networks. Some degree of vulnerability assessment and potential corrective action is recommended. AlertCon 3 reflects focused attacks. Internet attacks have been noted against specific vulnerabilities or inherent information system weaknesses. Immediate defensive action is required. AlertCon 4 means an actual or potentially catastrophic security situation has arisen within a network or group of networks whose survival depends on immediate and focused defensive action. This condition may be imminent or ongoing. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2002 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Risk electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: mailto:[EMAIL PROTECTED] or mailto:[EMAIL PROTECTED] Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. Patrick Gray Manager, X-Force Internet Threat Intelligence Center Internet | Security | Systems The Power To Protect www.iss.net -----BEGIN PGP SIGNATURE----- Version: PGP 7.1.1 iQA/AwUBPSmhV5G41ROSQPncEQL2FACfRGzWtaCqdmRix/YRCgZcNVSUhqwAoP5g EPhJhC0EbFG81NsHtBg3IUBa =NCi5 -----END PGP SIGNATURE-----
