North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Worm?

  • From: Rubens Kuhl Jr.
  • Date: Sat Jan 14 11:56:56 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=oWp8+k83AVyNXLJBnowdK1yooTncxjWAaCw3i4g1sf2xxnJxHQ3uZVAbI+EjC4klZdghQoCdKt9B+uW838Q67UjlBTZFBuG8WBT5sey6u538T71dQm8eQ0Z1f8wu4ERyNSM0RhGwaj3cd7Tn3bHIGmW1O8lpb8JLl2kqEQ42ZlE=

See story below from isc.sans.org (now on cover page, article on
http://isc.sans.org/diary.php?storyid=1042)

Rubens


-----------------------------------------------


TippingPoint IPS DoS (High CPU load) (NEW)
Published: 2006-01-14,
Last Updated: 2006-01-14 05:57:28 UTC by Swa Frantzen (Version:
3(click to highlight changes))

We are getting multiple reports of a DoS attack (causing high CPU load
that prevents normal use) against TippingPoint IPS devices.

We got a call from TippingPoint, stating that in their opinion this is
not a "DoS", but a "high load" issue.

For more details we'd like to urge customers to contact TippingPoint
directly. They are working on a patch and advisory which should be
available shortly.

Edit: We've received a report that TippingPoint has now released a
patch for this issue.  The patch version is TOS 2.1.4.6324.

--
Swa Frantzen

On 1/13/06, Byrne, David <[email protected]> wrote:
>
>
> Anyone know about a new worm going around? Our IPS vendor says that they
> have a number of customers affected by traffic volume, but I don't know any
> details.
>
> Thanks,
>
> David Byrne
>
> Corporate IT Security
>
> EchoStar Satellite L.L.C.
>
> 720-514-5675
>
> [email protected]
>
>


  • References: