TippingPoint | DVLabs | ThreatLinQ: Taking Out the Trash

▼ 2012
- ▼ February (1)
  - MindshaRE: IDAception
► 2011
- ► December (4)
  - (loading)
- ► November (1)
  - (loading)
- ► October (1)
  - (loading)
- ► September (1)
  - (loading)
- ► July (2)
  - (loading)
- ► June (1)
  - (loading)
- ► May (1)
  - (loading)
- ► April (3)
  - (loading)
- ► March (1)
  - (loading)
- ► February (12)
  - (loading)
- ► January (1)
  - (loading)
► 2010
- ► December (1)
  - (loading)
- ► November (1)
  - (loading)
- ► October (1)
  - (loading)
- ► September (4)
  - (loading)
- ► August (1)
  - (loading)
- ► July (1)
  - (loading)
- ► March (1)
  - (loading)
- ► February (2)
  - (loading)
► 2009
- ► October (1)
  - (loading)
- ► September (3)
  - (loading)
- ► July (1)
  - (loading)
- ► June (5)
  - (loading)
- ► May (1)
  - (loading)
- ► April (2)
  - (loading)
- ► March (9)
  - (loading)
- ► February (7)
  - (loading)
- ► January (5)
  - (loading)
► 2008
- ► December (2)
  - (loading)
- ► November (4)
  - (loading)
- ► October (7)
  - (loading)
- ► September (9)
  - (loading)
- ► August (16)
  - (loading)
- ► July (9)
  - (loading)
- ► June (11)
  - (loading)
- ► May (1)
  - (loading)
- ► April (4)
  - (loading)
- ► March (6)
  - (loading)
- ► February (4)
  - (loading)
► 2007
- ► December (1)
  - (loading)
- ► November (5)
  - (loading)
- ► October (4)
  - (loading)
- ► September (1)
  - (loading)
- ► August (2)
  - (loading)
- ► July (9)
  - (loading)
- ► June (4)
  - (loading)
- ► May (8)
  - (loading)

ThreatLinQ: Taking Out the Trash

By Mike Dausin
Fri 05 Sep 2008 10:17am
4916 Views
0 Comments
Link

One of the often cited benefits of IPS is the ability to keep ancient attacks from 'polluting' your otherwise pristine network. The fact is, attacks such as Code Red and SQL Slammer are still out there in force. And while there may be literally a 0% chance of these attacks being successful on a machine in your environment, there is simply no reason to let them into your network.

Of course, when we tell people this, the first question we often get asked is "are these attacks REALLY out there still?" The answer is definitely "Yes!"

Take Slammer for instance. Over the last month, ThreatLinQ has detected no less than 73,300 infected slammer sources which produced tens of millions of packets. Sure, slammer packets are small, and not likely to cause too much congestion. But why let Slammer on your network at all, when it can be easily blocked?

Also, I should also point out that although slammer would never appear on YOUR network (our readers/customers tend to be on the ball,) infections do still occur. Below is a graph of a host that was clearly infected on 8/22/2008.

I wonder if the admin of this network has pulled out all his/her hair yet trying to figure out why the net is so slow...

Tags:

Published On: 2008-09-05 10:17:24

Comments post a comment

No comments.

Trackback

ThreatLinQ: Taking Out the Trash

Comments post a comment

Published Advisories

Upcoming Advisories

Blog Entries