Information Security News mailing list archives

IDS Stress Test Utility called 'Stick'


From: security curmudgeon <jericho () ATTRITION ORG>
Date: Sun, 18 Mar 2001 03:41:10 -0700

[There are three articles on this, each can be found at:
 http://thebusiness.vnunet.com/News/1119335
 http://www.zdnet.co.uk/news/2001/10/ns-21602.html
 http://www.theregister.co.uk/content/8/17660.html

 I have included one below with a few comments because of its poor
 wording. -sc]

http://thebusiness.vnunet.com/News/1119335

   Hackers' Stick beats detection tools
   By James Middleton

   Malicious coders have developed an attack tool that can perform a
   denial of service attack against many popular intrusion detection
   products.

[Malicious coders? Once the tool was developed, these 'malicious' people
 opted to share it only with IDS vendors. This was done to help vendors
 improve their products and learn more about the inherent weaknesses of
 current IDS products. The tool was not released to full disclosure mail
 lists like Bugtraq, or posted to a web site as far as I have seen.
 Given that, it would seem to me that the creators of the tool are not
 malicious, and in fact are quite honorable in how they chose to deal with
 a serious security problem that has severe implications if let into the
 wild. This callous wording in the article is an insult. -sc]

   The tool, known as Stick, directs thousands of overt attacks at
   security systems, causing them to fall over.

   Coretez Giovanni, of US-based security company Endeavor Systems, told
   vnunet.com that flaws in the implementation and development of IDS
   software were one of the main reasons for the success of these tools.

   "Stick succeeds because script kiddies are operating security. People
   are downloading and buying IDS without knowing what or why," he said.

   "On the development side IDS must be able to validate that the alarm
   is correct. This means that the IDS needs to determine if the
   pre-cursor and post events that occurred confirm or deny that an
   attack is real," he added.

   Security firm Internet Security Systems said Stick uses "very
   straightforward techniques" of firing numerous attacks from random IP
   addresses to purposely trigger IDS events. As the IDS system attempts
   to keep up with the flood of events it puts more strain on the system,
   eventually resulting in denial of service.

   As the Stick attack works on a 'flooding' level, its effectiveness is
   limited by the bandwidth available to the attacker, although this also
   means attackers with more bandwidth at their disposal will be more
   successful.

   ISS has developed two fixes for RealSecure Network Sensor, one of the
   most popular IDS products, which are available here.

   A white paper on Stick is available here.

   If you would like to comment on this article email us @
   newseditor () vnunet com

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
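
One way a sensor could apply the alarm validation quoted in the article, shown as an added example that is not part of the original post, the article, or any vendor's fix: a signature hit is confirmed only if a pre-cursor event (a completed TCP handshake) was seen on the same flow, and unconfirmed hits are counted in aggregate so a flood from many sources does not cost per-alert work. The event tuple format, the function names, the thresholds and the sample data are all assumptions made for illustration, and the approach covers TCP-based signatures only.

```python
from collections import deque

def make_sample():
    """Constructed events, not from a real sensor: (time_s, kind, src, dst, dport, sig)."""
    events = [
        # One real session: the handshake completes, then a signature fires on that flow.
        (5.0, "established", "203.0.113.7", "192.0.2.10", 80, None),
        (5.2, "alert", "203.0.113.7", "192.0.2.10", 80, "sig-B"),
    ]
    # Flood: 200 signature hits in 2 seconds, each from a different source, no handshakes.
    for i in range(200):
        events.append((10 + i * 0.01, "alert", f"198.51.100.{i}", "192.0.2.10", 80, "sig-A"))
    return sorted(events)

def triage(events, window=1.0, flood_sources=50):
    """Return (confirmed alerts, count of unconfirmed hits, flood flag)."""
    established = set()   # flows on which the pre-cursor event (handshake) was seen
    recent = deque()      # (time, src) of unconfirmed hits inside the sliding window
    confirmed, unconfirmed, flood = [], 0, False
    for ts, kind, src, dst, dport, sig in events:
        flow = (src, dst, dport)
        if kind == "established":
            established.add(flow)
            continue
        if flow in established:
            # Pre-cursor event present: raise a full alert for an analyst.
            confirmed.append((ts, src, sig))
            continue
        # No supporting state: count it, do not spend per-alert work on it.
        unconfirmed += 1
        recent.append((ts, src))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        # Many distinct sources with unconfirmed hits in one window looks like
        # a flood aimed at the sensor rather than at the protected host.
        if len({s for _, s in recent}) >= flood_sources:
            flood = True
    return confirmed, unconfirmed, flood

if __name__ == "__main__":
    confirmed, unconfirmed, flood = triage(make_sample())
    print(f"confirmed={confirmed} unconfirmed={unconfirmed} flood={flood}")
```

The flood is reported as a single condition with a counter, while the one alert backed by session state still reaches the analyst.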

