Sourcefire Provides Coverage Ahead of Threat for Microsoft Denial of Service; Sourcefire's Focus on Vulnerabilities Protects Customers and Snort(R) Users.COLUMBIA, Md. -- Sourcefire, Inc., the creators of Snort An open source network intrusion detection system (NIDS) that is noted for its effectiveness. Developed by Martin Roesch, Snort can also be used just as a packet logger or packet sniffer. For more information, visit www.snort.org. See IDS. (R) and the world leader in intrusion prevention See IPS and IDS. , today announced that its customers and Snort users already have coverage in place for a newly discovered Microsoft UPnP RPC (Remote Procedure Call) A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program, which is executed, and results are passed back to the calling Denial of Service attack An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. . The Sourcefire(TM) Vulnerability Research Team (VRT VRT Vita Radio Transport (communications standard / protocol) VRT Virus Removal Tools VRT Vehicle Registration Tax VRT Vehicle Reg Tax VRT Voltage Reduction Technology (Intel Corp) ) quickly determined that rules released over a month ago, written to detect attempts to exploit a well-known Microsoft vulnerability, provided the necessary coverage to detect and prevent this new attack on customers' networks. The VRT is chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect potential attacks against the underlying vulnerabilities used by many worms and malicious scripts as their attack vectors. In this case, Sourcefire 3D System and Snort users were provided with a detailed analysis of the attack and confirmation that rules released over a month ago would detect or prevent it. "In order to provide our users with the best possible security, it is critical that we go beyond relying on public information," said Martin Roesch, Sourcefire CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. and creator of Snort. "This is yet another example of how the Sourcefire VRT's superior analysis and advanced methodology for writing rules provides users with the far superior protection against threats than writing exploit-specific rules in response to known threats." Vulnerability Details A vulnerability exists in the Microsoft RPC system that may present a remote attacker with the opportunity to cause a DoS condition on an affected host. The condition is manifest when a malformed malĀ·formed adj. Abnormally or faultily formed. request is made to the UPnP service in the data section of a call to the GetDeviceList function. On processing this request, memory consumption increases to the point where the system becomes unresponsive. Repeated requests of this nature will cause the DoS to occur. Successful exploitation of this problem may allow a remote attacker to allocate an arbitrary amount of memory on the target host and ultimately cause a DoS to occur. Further information about this vulnerability and how to obtain Snort Rules is available at http://www.snort.org/rules/advisories/vrt-rules-2005-11-17.html. About the Sourcefire Vulnerability Research Team The Sourcefire VRT is comprised of leading edge intrusion prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security. About Sourcefire Sourcefire, Inc., the world leader in intrusion prevention, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's ground-breaking network defense system unifies intrusion and vulnerability management technologies to provide customers with the most effective network security available. Founded in 2001 by the creator of Snort, Sourcefire is headquartered in Columbia, MD and has received numerous accolades including being named the Frost & Sullivan 2005 Network Security Infrastructure Protection Company of the Year. At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with synonymous with adjective equivalent to, the same as, identical to, similar to, identified with, equal to, tantamount to, interchangeable with, one and the same as innovation and intelligence in network security. Sourcefire announced on October 6, 2005 that it signed a definitive agreement to be acquired by Check Point Software Technologies Ltd. (Nasdaq:CHKP CHKP Check Point Software Technologies Ltd. (stock abbreviation, AMEX) ), for a total consideration of approximately $225 million. The acquisition is subject to closing conditions including the Hart-Scott-Rodino Antitrust Improvements Act The Hart-Scott-Rodino Antitrust Improvements Act of 1976 (Public Law 94-435, known commonly as the HSR Act) is a set of amendments to the antitrust laws of the United States, principally the Clayton Antitrust Act. The HSR Act was signed into law by President Gerald R. of 1976 ("HSR HSR homogeneously staining regions. ") and Exxon-Florio Act of 1988 and is expected to close by Q106 shortly after receiving regulatory approvals. For more information about Sourcefire, please visit www.sourcefire.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion