http://www.eweek.com/article2/0,1895,1912048,00.asp By Paul F. Roberts January 17, 2006 Mysterious Web attack traffic caused some of 3Com Corp.'s TippingPoint IPS devices to crash last week, requiring a hasty patch by the company. Some TippingPoint customers had their IPS (intrusion prevention system) appliances crash while trying to process a specific kind of Internet attack traffic last week. The company learned of the problem on Friday and issued an update for the TOS (TippingPoint OS) software within hours, said Laura Craddick, TippingPoint's public relations manager. At York University in Toronto, TippingPoint IPS devices began crashing repeatedly on Friday, Jan. 13, prompting a call to the vendor, said Ramon Kagan of the University's Computing and Network Services department. The crashes were caused by malicious HTTP traffic that attempted to trigger a known security vulnerability in another product. The HTTP attack traffic eventually caused the TOS software, which runs the IPS company's appliances, to crash, bringing down the whole device, he said. Reports of the crashes were sporadic, because only a very specific type of attack traffic triggered the hole, Kagan said. He declined to provide details about the malicious traffic that crashed the IPS devices. Complaints about the problem reached the Austin, Texas, company on Friday; about one day after TippingPoint shipped updated attack signatures to its clients. 3Com released new versions of the TOS software to address the issue, Craddick said. Customers who were affected by the crashes speculated in an online discussion group that they may have been caused by a conflict with new attack signatures distributed the day before. However, TippingPoint contends that the behavior was caused by a flaw in the TOS software, not by a bad signature, Craddick said. The university has been using TippingPoint's IPS technology for two years, Kagan said. With the TippingPoint appliance offline, staff at York University had to deal with a mild increase in traffic, and used IDS (intrusion detection system) software to filter out some attacks. However, Kagan expressed satisfaction that 3Com responded within five hours with a software patch that fixed the problem. Customers who have not done so should upgrade their TippingPoint appliances to version 2.1.4.6324 or 2.2.1.6506 of TOS, Craddick said. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Jan 18 2006 - 01:27:40 PST