Information Security News mailing list archives
Intrusion Detection Systems: An Opening For Hackers?
From: InfoSec News <isn () C4I ORG>
Date: Fri, 16 Mar 2001 20:34:26 -0600
http://www.newsbytes.com/news/01/163221.html By Brian Krebs, Newsbytes WASHINGTON, D.C., U.S.A., 15 Mar 2001, 5:38 PM CST System administrators who rely on intrusion detection systems to snag malicious hacker trying to break into their system may actually be lulling themselves into a false sense of security, the government's security watchdog warned today. The National Infrastructure Protection Center (NIPC), the FBI's cyber-crime division, said initial reports indicate that a software package had been identified that could be used to disable a computer's intrusion detection system (IDS) by flooding it with Internet traffic from a number of Internet addresses simultaneously. The heavy traffic could cause the IDS to become inoperative, thus opening the door to malicious hackers, the NIPC said. The NIPC did not release any further information about the IDS systems affected or the source of the tool that could be used to defeat them, saying only that it was "still reviewing the information for accuracy and to determine the level of threat." But Ryan Russell, an incident analyst with Securityfocus.com, said it had received one report from a group called "8th Port," that it had developed a tool called "Stick" that could be used to disable Internet Security Systems' Real Secure 5.5 intrusion detection system. According to 8th Port's Web site, http://www.8thport.com, "Stick is an IDS stress tool used to evaluate the bottleneck point in an IDS." 8th Port operators said they do not plan to publicly release the tool any time soon. 8th Port said it would, however, lend the tool to any interested IDS vendors. The unidentified author of the notice on 8thPort's Web site said ISS had been contacted about the flaw, and that it did not appear that any other IDS vendors were affected by the tool. Internet Security Systems officials could not be immediately reached for comment. The NIPC's advisory can be found online at: http://www.nipc.gov/warnings/assessments/2001/01-004.htm SecurityFocus is on the Web at http://www.securityfocus.com ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Intrusion Detection Systems: An Opening For Hackers? InfoSec News (Mar 16)