Johannesburg, 18 Apr 2005
TippingPoint, a division of 3Com and the leader in intrusion prevention, today announced its suite of Intrusion Prevention Systems (IPS) provided preemptive infrastructure protection for numerous Denial of Service (DoS) attacks disclosed Tuesday affecting several products including infrastructure products from Cisco and Juniper. Without an IPS solution that offers immediate protection and works seamlessly with any vendor`s networking equipment, enterprises must scramble to quickly deploy security patches for each individual product they use, and only when the vendor makes the patch available.
Denial of Service attacks typically result in a loss or degradation of network connectivity or services. Customers using TippingPoint`s IPS are protected from the new infrastructure attacks and other DoS attacks, regardless of the equipment used in their network. "Intrusion prevention is an important component of protecting critical network infrastructure," said TippingPoint`s Director of Digital Vaccine David Endler. "By design, most infrastructure products are not dynamically or automatically updated, and therefore, require IT personnel to manually implement individual patches on affected machines once they are finally made available by an equipment vendor and only during pre-defined IT maintenance windows. Intrusion prevention is part of the network infrastructure and is able to protect against attacks on routers and switches immediately, when placed in front of such products."
The Denial of Service attacks were disclosed Tuesday through the Internet Engineering Task Force (IETF) document entitled "ICMP Attacks Against TCP".
Technical Description of Attacks The DoS attacks disclosed Tuesday allow an attacker to reset or degrade an established Transmission Control Protocol (TCP) connection by spoofing Internet Control Message Protocol (ICMP) messages. This could have implications for devices that require constant connections, such as routers that support BGP peering.
Infrastructure protection for these ICMP attacks was delivered to TippingPoint customers Tuesday with a new batch of security filters addressing the newly announced Microsoft vulnerabilities and DoS infrastructure attacks. For customers with TippingPoint network-based protection, vulnerable infrastructure products are protected by the TippingPoint IPS. TippingPoint also protects other technologies affected including Microsoft, IBM and Sun Microsystems. For the full list of vendors affected and technical details about the attacks, please visit here.
The TippingPoint Intrusion Prevention Systems provide Application Protection, Performance Protection and Infrastructure Protection at gigabit speeds through total packet inspection. Application Protection capabilities provide fast, accurate, reliable protection from internal and external cyber attacks. Through its Infrastructure Protection capabilities, the TippingPoint IPS protects VoIP infrastructure, routers, switches, DNS and other critical infrastructure from targeted attacks and traffic anomalies. TippingPoint`s Performance Protection capabilities enable customers to throttle non-mission critical applications that hijack valuable bandwidth and IT resources, thereby aligning network resources and business-critical application performance.
Share