Outpost24 TCP Issues

Unanswered Question
Oct 20th, 2008

Hi Karl,

Last week we received the following threat warning (from a reliable source):
Threat:

Outpost24 announced a threat two weeks ago about the TCP/IP stack, the impact of this threat is very high and involving all TCP/IP network based systems.
This information is confirmed by organizations such as Govcert, Fox-IT, etc.
On the 17th of October 2008 detailed information will be presented to the world at a technology conference and there could be a higher chance of exploitation (based on the amount of information which will be released).

Major vendors like Microsoft, Cisco, IBM, etc. are informed and are working on solutions; until now there are no patches or solutions available.

Impact:
Systems which are attacked will go down, this includes all TCP/IP related environments

Worst case scenario:
The exploit will be available before patching. If we are attacked this could result in a Denial Of Service (DOS) most likely on our internet infrastructure.



Is this threat known by Ironport and is there a roadmap for patching?

Thanks!

Steven

karlyoun Mon, 10/20/2008 - 22:16

Steven

I started a new topic to cover this. This report is new, and is still being investigated. Here is a link to Cisco's current response:

http://www.cisco.com/warp/public/707/cisco-sr-20081017-tcp.shtml

And here is the latest from CERT (also linked in the Cisco response):

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

I am working with the IronPort Security Team to get a response. I will post here, and in the Security section of the IronPort Support Portal as soon as I have more information.

Karl Young
Email Security Product Support Engineer
IronPort Systems

