Information Security News mailing list archives
IDS Stress Test Utility called 'Stick'
From: security curmudgeon <jericho () ATTRITION ORG>
Date: Sun, 18 Mar 2001 03:41:10 -0700
[There are three articles on this, each can be found at:

http://thebusiness.vnunet.com/News/1119335
http://www.zdnet.co.uk/news/2001/10/ns-21602.html
http://www.theregister.co.uk/content/8/17660.html

I have included one below with a few comments because of its poor wording. -sc]

http://thebusiness.vnunet.com/News/1119335

Hackers' Stick beats detection tools
By James Middleton

Malicious coders have developed an attack tool that can perform a denial of service attack against many popular intrusion detection products.

[Malicious coders? Once the tool was developed, these 'malicious' people opted to share it only with IDS vendors. This was done to help vendors improve their products and learn more about the inherent weaknesses of current IDS products. The tool was not released to full disclosure mail lists like Bugtraq, or posted to a web site as far as I have seen. Given that, it would seem to me that the creators of the tool are not malicious, and in fact are quite honorable in how they chose to deal with a serious security problem that has severe implications if let into the wild. This callous wording in the article is an insult. -sc]

The tool, known as Stick, directs thousands of overt attacks at security systems, causing them to fall over.

Coretez Giovanni, of US-based security company Endeavor Systems, told vnunet.com that flaws in the implementation and development of IDS software were one of the main reasons for the success of these tools.

"Stick succeeds because script kiddies are operating security. People are downloading and buying IDS without knowing what or why," he said.

"On the development side IDS must be able to validate that the alarm is correct. This means that the IDS needs to determine if the pre-cursor and post events that occurred confirm or deny that an attack is real," he added.

Security firm Internet Security Systems said Stick uses "very straightforward techniques" of firing numerous attacks from random IP addresses to purposely trigger IDS events. As the IDS system attempts to keep up with the flood of events it puts more strain on the system, eventually resulting in denial of service.

As the Stick attack works on a 'flooding' level, its effectiveness is limited by the bandwidth available to the attacker, although this also means attackers with more bandwidth at their disposal will be more successful.

ISS has developed two fixes for RealSecure Network Sensor, one of the most popular IDS products, which are available here. A white paper on Stick is available here.

If you would like to comment on this article email us @ newseditor () vnunet com

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
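
The alarm validation described in the article above (checking whether precursor and post events confirm an alert), as an added example that is not part of the original post or of any vendor's product. The event fields, verdict names, signature name and sample data are assumptions constructed for illustration; the precursor check applies to TCP signatures only, and treating any reply from the target as confirmation is a simplification.

```python
from collections import Counter, defaultdict

HANDSHAKE = {"syn", "synack", "ack"}

def triage(events):
    """Label each alert using precursor (handshake) and post (reply) events.
    Events are assumed already keyed by the client-to-server 4-tuple."""
    seen = defaultdict(set)   # flow -> handshake steps observed so far
    alerts = []               # [flow, signature, verdict]
    for ev in events:
        flow = (ev["src"], ev["sport"], ev["dst"], ev["dport"])
        kind = ev["kind"]
        if kind in HANDSHAKE:
            seen[flow].add(kind)
        elif kind == "alert":
            # Precursor: a TCP alert on a flow that never completed a
            # handshake cannot have reached the target application.
            verdict = "unverified" if seen[flow] == HANDSHAKE else "stateless"
            alerts.append([flow, ev["sig"], verdict])
        elif kind == "reply":
            # Post event: the target answered on a flow that had alerted.
            for a in alerts:
                if a[0] == flow and a[2] == "unverified":
                    a[2] = "confirmed"
    return alerts

def summarize(alerts):
    """Collapse stateless alerts to one count per signature; keep the rest."""
    flood = Counter(sig for _, sig, v in alerts if v == "stateless")
    keep = [(f, sig, v) for f, sig, v in alerts if v != "stateless"]
    return keep, dict(flood)

def sample_events():
    """Constructed events (documentation addresses), not captured traffic."""
    target = {"dst": "192.0.2.10", "dport": 80}
    ev = [{"kind": "alert", "sig": "constructed-sig-1", **target,
           "src": f"198.51.100.{i % 250 + 1}", "sport": 1024 + i}
          for i in range(500)]          # alerts with no session behind them
    real = {"src": "203.0.113.7", "sport": 40000, **target}
    ev += [{"kind": k, **real} for k in ("syn", "synack", "ack")]
    ev.append({"kind": "alert", "sig": "constructed-sig-1", **real})
    ev.append({"kind": "reply", **real})
    return ev

if __name__ == "__main__":
    keep, flood = summarize(triage(sample_events()))
    print(keep, flood)
```

Stateless alerts are counted rather than discarded, so a flood stays visible to the operator as one line per signature while the alert backed by a real session is not buried.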