TippingPoint protects Cisco, Juniper infrastructure products in DoS attacks

Enterprise Networks & Servers, May 2005

TippingPoint, a 3Com Intrusion Prevention Systems (IPS) suite provided preemptive infrastructure protection for numerous Denial of Service (DoS) attacks affecting infrastructure products from Cisco and Juniper last month.

The DoS attacks last month would have allowed an attacker to reset or degrade an established Transmission Control Protocol (TCP) connection by spoofing Internet Control Message Protocol (ICMP) messages.

This could have implications for devices that require constant connections, such as routers that support BGP peering.

Without an IPS solution that offers immediate protection and works seamlessly with any vendor's networking equipment, enterprises must scramble to quickly deploy security patches for each individual product they use, and only when the vendor makes the patch available.

DoS attacks typically result in a loss or degradation of network connectivity or services. Customers using TippingPoint's IPS are protected from the new infrastructure attacks and other DoS attacks, regardless of the equipment used in their network.

Infrastructure protection for these ICMP attacks was delivered to TippingPoint customers with a new batch of security filters addressing the recently announced Microsoft vulnerabilities and DoS infrastructure attacks.

For customers with TippingPoint network-based protection, vulnerable infrastructure products are protected by the TippingPoint IPS. TippingPoint also protects other technologies affected including Microsoft, IBM and Sun Microsystems.

"Intrusion prevention is an important component of protecting critical network infrastructure," said TippingPoint's Director of Digital Vaccine David Endler. "By design, most infrastructure products are not dynamically or automatically updated, and therefore, require IT personnel to manually implement individual patches on affected machines once they are finally made available by an equipment vendor and only during pre-defined IT maintenance windows. Intrusion prevention is part of the network infrastructure and is able to protect against attacks on routers and switches immediately, when placed in front of such products."

The DoS attacks were disclosed through the Internet Engineering Task Force (IETF) document entitled "ICMP Attacks Against TCP (watersprings.org/pub/id/draft-gonttcpm-icmp-attacks-03.txt)."