Information Security News mailing list archives

Intrusion Detection Systems: An Opening For Hackers?


From: InfoSec News <isn () C4I ORG>
Date: Fri, 16 Mar 2001 20:34:26 -0600

http://www.newsbytes.com/news/01/163221.html

By Brian Krebs, Newsbytes
WASHINGTON, D.C., U.S.A.,
15 Mar 2001, 5:38 PM CST

System administrators who rely on intrusion detection systems to snag
malicious hackers trying to break into their systems may actually be
lulling themselves into a false sense of security, the government's
security watchdog warned today.

The National Infrastructure Protection Center (NIPC), the FBI's
cyber-crime division, said initial reports indicate that a software
package had been identified that could be used to disable a computer's
intrusion detection system (IDS) by flooding it with Internet traffic
from a number of Internet addresses simultaneously. The heavy traffic
could cause the IDS to become inoperative, thus opening the door to
malicious hackers, the NIPC said.

The NIPC did not release any further information about the IDS systems
affected or the source of the tool that could be used to defeat them,
saying only that it was "still reviewing the information for accuracy
and to determine the level of threat."

But Ryan Russell, an incident analyst with Securityfocus.com, said it
had received one report from a group called "8th Port" that it had
developed a tool called "Stick" that could be used to disable Internet
Security Systems' Real Secure 5.5 intrusion detection system.

According to 8th Port's Web site, http://www.8thport.com, "Stick is an
IDS stress tool used to evaluate the bottleneck point in an IDS." 8th
Port operators said they do not plan to publicly release the tool any
time soon. 8th Port said it would, however, lend the tool to any
interested IDS vendors.

The unidentified author of the notice on 8th Port's Web site said ISS
had been contacted about the flaw, and that it did not appear that any
other IDS vendors were affected by the tool.

Internet Security Systems officials could not be immediately reached
for comment.

The NIPC's advisory can be found online at:
http://www.nipc.gov/warnings/assessments/2001/01-004.htm

SecurityFocus is on the Web at http://www.securityfocus.com

ISN is hosted by SecurityFocus.com