Announcing RealSecure� Network Sensor and Proventia(tm) A201 Appliance XPU 20.13 and
RealSecure� Network Sensor XPU 5.12 now available from the ISS Download Center:
<http://www.iss.net/download/>.
May 28, 2003
PROTECTION BENEFITS
Included in this X-Press Update(tm) product enhancement (XPU) are thirty eight new
events including protocol anomaly detections and signatures.
* Application Protection. This release contains events to address issues in
Microsoft SQL Server, Outlook, Nortel Contivity HTTP Server, SNORT, Vintra Mail Server
and others.
* Attack Tools and Techniques. This XPU provides detection and protection
against attack or scanning tools, including, CyberCop, multiple vendor DoS tools
including Stick, and Services scanning tools. ISS has also included protection
against SQL injection, a technique used to pass unauthorized SQL code into an
application with malicious intent.
* Platform Protection: Protection for issues in Windows and Solaris is included.
NEW EVENTS
SecChkID ProductCheckName Event Type
Risk Level
------- ---------------- ---------
----------
3992** SMB_Admin_Sneak Unauthorized Access Attempt High
9039** DHCP_Format_String_BO Unauthorized Access Attempt High
12015** Insane_Network_Backdoor Unauthorized Access Attempt High
4316** HTTP_Cgiproc_File_Read Unauthorized Access Attempt Medium
11129* RPC_KCMS_File_Retrieval Unauthorized Access Attempt Medium
11411* HTTP_Outlook_Codebase_Execute Unauthorized Access Attempt Medium
11566 HTTP_GET_SQL_OpenRowSet Unauthorized Access Attempt Medium
11566* HTTP_POST_SQL_OpenRowSet Unauthorized Access Attempt
Medium
11567 HTTP_GET_SQL_UnionAllSelect Unauthorized Access Attempt
Medium
11567* HTTP_POST_SQL_UnionAllSelect Unauthorized Access Attempt Medium
11568 HTTP_GET_SQL_UnionSelect Unauthorized Access Attempt
Medium
11568* HTTP_POST_SQL_UnionSelect Unauthorized Access Attempt
Medium
11569 HTTP_GET_SQL_WaitForDelay Unauthorized Access Attempt
Medium
11569* HTTP_POST_SQL_WaitForDelay Unauthorized Access Attempt Medium
11831* LanMan_Share_Enum_Sweep Unauthorized Access Attempt Low
167** SMB_Guessable_Password Protocol Signature High
3274* MSRPC_User_Enum Protocol Signature High
11909* HSRP_Default_Password Protocol Signature Medium
11912* HSRP_Invalid_IPTTL Protocol Signature
Medium
11913* HSRP_Suspicious_Priority Protocol Signature
Medium
11835* SensorStatistics Protocol Signature
Low
11835* Network_Quiet Protocol Signature
Low
11835* Network_Normal Protocol Signature
Low
11910* HSRP_Coup Protocol Signature
Low
11911* HSRP_Resign Protocol Signature
Low
11943* MSRPC_Share_Enum Protocol Signature
Low
11943* LanMan_Share_Enum Protocol Signature
Low
2049** FTP_User_Root Pre-attack Probe
High
128** SMTP_Probe_Root Pre-attack Probe Medium
158** Finger_Root Pre-attack Probe
Low
5253* SMB_Service_Sweep Pre-attack Probe
Low
11799* Snort_Stream4_HeapBo Denial of Service
High
11992* Malformed_Packet_Storm Denial of Service High
1617** SMTP_Expn_Metachar Denial of Service
Medium
3320 ICMP_Modem_DoS Denial of Service Medium
4317** HTTP_Cgiproc_DoS Denial of Service
Medium
6552* Synthesized_Host_Attack_Flood Denial of Service
Medium
6552* Synthesized_Network_Attack_Flood Denial of Service
Medium
*These events are included only for 7.0 Network Sensor and the Proventia A201
Appliance.
**These events will be considered for inclusion in an upcoming 6.5 Network Sensor XPU.
VERSIONS/PLATFORMS
XPU 20.13 supports the Proventia A201 Appliance and Network Sensor 7.0 on Windows
2000, Linux, Solaris and RealSecure for Nokia. XPU 5.12 supports Network Sensor 6.5 on
Solaris, Windows NT, Windows 2000 and RealSecure for Nokia. Supported management
consoles include Workgroup Manager versions 6.7, 6.6, 6.5, and SiteProtector versions
2.0 and 1.2.
For more information on this release, please contact the following:
* For additional product information:
- X-Press Update, <http://www.iss.net/db_data/xpu/RS.php>
- Network Sensor,
<http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php>
- Proventia Appliances,
<http://www.iss.net/products_services/enterprise_protection/proventia/index.php>
* For sales and professional services information:
- [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
- 800-776-2362 (U.S. and Canada); +1-404-236-2600 (International)
* For support information, including ISS' Technical Support Knowledgebase:
- Customer Support - <http://www.iss.net/support/enterprise/index.php>
- Technical Support Knowledgebase - <http://www.iss.net/support/knowledgebase/>
* For additional information regarding common issues experienced when downloading
XPUs, please reference Answer ID 1843 in the ISS knowledgebase -
<http://www.iss.net/support/knowledgebase/>
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
