Posts Tagged ‘DoS’

Cisco CallManager Vulnerabilities

Cisco announced this week that its Cisco Unified CallManager and Cisco Unified Presence Server products are vulnerable to remote attacks that use specially crafted ICMP and UDP packets. Cisco has already released patches for them.

CallManager servers, which process VoIP calls on a network, can be crashed by sending attack traffic to TCP ports 2000 or 2443 to the server; these ports are used by Cisco’s proprietary call control protocols: Skinny Call Control Protocol (SCCP, or “Skinny”) and Secure SCCP. This vulnerability exists in CallManager versions 3.x, 4.x and 5.0 (CUCM 6.0, the latest version (announced this month), is not affected, nor is the Presence Server).

Cisco says CallManager and the Presence Server are affected by attacks involving floods of ICMP Echo Requests (pings), or specially crafted UDP packets. The ping-flood vulnerability, which affects only CallManager 5.0 and Presence Server 1.x, could be used to crash call-processing or presence services on the respective servers.

The UDP vulnerability affects the IPSec Manager Service on CallManager and Presence Server, which uses UDP Port 8500. With this less severe vulnerability, an attack could not stop calls from being placed or received on a Cisco VoIP network, but could cause the loss of some features, such as the ability to forward calls or deploy configuration changes to clusters of CallManager and Presence Servers. Source: Cisco VoIP and presence servers vulnerable to new attacks

If you don’t want to load the patches yet, you can filter the affected traffic at your router, on the outside connections to your networks:

Permit TCP Port 2000 (SCCP) and TCP Port 2443 (Secure SCCP) to CallManager systems only from VoIP endpoints.

ICMP Echo Requests, Type 8, should be blocked for CallManager and Presence Server systems (although this could affect network management applications and troubleshooting).

UDP Port 8500 for IPSec Manager should be permitted only between CallManager/Presence Server systems configured in a cluster deployment.
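The three filtering rules above, rendered as a Cisco IOS extended ACL by a short Python helper. This is an added example, not from the original post or from Cisco's advisory; the addresses, the ACL name `CUCM-PROTECT`, the function names and the closing `permit ip any any` are assumptions.

```python
import ipaddress

SCCP_PORTS = (2000, 2443)   # SCCP and Secure SCCP, both TCP
IPSEC_MGR_PORT = 8500       # IPSec Manager Service, UDP


def ios_source(net):
    """Format a source as IOS 'host A' or 'network wildcard'."""
    n = ipaddress.IPv4Network(net, strict=True)  # ValueError on bad input
    if n.prefixlen == 32:
        return f"host {n.network_address}"
    return f"{n.network_address} {n.hostmask}"


def build_acl(name, servers, endpoint_nets, cluster_peers):
    """Return IOS ACL lines protecting each CallManager/Presence server."""
    lines = [f"ip access-list extended {name}"]
    for srv in servers:
        srv_addr = ipaddress.IPv4Address(srv)  # reject malformed addresses
        dst = f"host {srv_addr}"
        # Rule 1: SCCP and Secure SCCP only from VoIP endpoint networks.
        for port in SCCP_PORTS:
            for net in endpoint_nets:
                lines.append(f" permit tcp {ios_source(net)} {dst} eq {port}")
            lines.append(f" deny tcp any {dst} eq {port}")
        # Rule 2: drop ICMP Echo Request (type 8) aimed at the server.
        lines.append(f" deny icmp any {dst} echo")
        # Rule 3: UDP 8500 only from the other members of the cluster.
        for peer in cluster_peers:
            if ipaddress.IPv4Address(peer) != srv_addr:
                lines.append(
                    f" permit udp host {peer} {dst} eq {IPSEC_MGR_PORT}")
        lines.append(f" deny udp any {dst} eq {IPSEC_MGR_PORT}")
    # Assumption: all other traffic is left untouched by this ACL.
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the post.
    cluster = ["10.10.1.5", "10.10.1.6"]
    acl = build_acl("CUCM-PROTECT", cluster, ["10.20.0.0/16"], cluster)
    print("\n".join(acl))
```

Apply the result inbound on the outside-facing interface with `ip access-group CUCM-PROTECT in`. Entry order matters because IOS evaluates an ACL top-down and stops at the first match, so each permit must precede the matching deny.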

The Register says,

CallManager versions 3.3, 4.1, 4.2 and 5.0, as well as Presence Server version 1.0, are affected by a number of security bugs. The vulnerabilities involve unspecified errors in the handling of large amounts of ICMP Echo packets and within IPSec Manager service, both of which might be used to launch denial of service attacks against vulnerable Cisco Unified CallManager and Presence Server software installations.

A separate bug means that CallManager software PBX systems might be taken down by port scanning. Source: Cisco wraps up against VoIP DoS bugs

Posted by Jimmy Daniels - March 30, 2007 at 7:25 pm

Categories: Cisco, VoIP

Internet Security Threat Report and How to Avoid Most Threats

Symantec has released the latest copy of their Internet Security Threat Report and, not surprisingly, the threats are becoming more economic in nature. As more and more criminal activity moves to the web, it will just keep getting worse and worse. It’s too easy for people to take advantage of other people on today’s internet. I can make a fake email right now for PayPal and spam it around the internet and probably have people’s login details the first day, and I’ve never, ever done anything like that before. That’s how easy it is. It’s way too easy to fashion a piece of spyware as well, distribute it through security holes and other bad websites across the web and be knocking down great money in no time.

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, and future trends. The latest report, released March 7, is now available.

This volume of the Internet Security Threat Report offers an overview of threat activity that took place between July 1 and December 31, 2005. In this edition, the new threat landscape is shown to be increasingly dominated by attacks and malicious code that are used to commit cyber crime, criminal acts that incorporate a computer or Internet component. Attackers have moved away from large, multipurpose attacks on network perimeters and toward smaller, more focused attacks on client-side targets.

The threat landscape is coming to be dominated by emerging threats such as bot networks and customizable modular malicious code. Targeted attacks on Web applications and Web browsers are increasingly becoming the focal point for cyber criminals. Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud, for financial gain.

Over the last six months of 2005, Symantec detected an average of 1,402 Denial of Service (DoS) attacks per day. This is an increase of 51 percent from the first half of 2005, when Symantec detected an average of 927 DoS attacks per day. Source: Symantec.

I wish I could teach everyone how to use the internet in one big session, but I’ll try to do as many here as I can.

1) Never, ever click on any links in your emails, like the ones you get from eBay, PayPal, etc. Always type the address in the address bar in Internet Explorer or Firefox, or whatever browser you are using. It’s way too easy to make a fake email that looks like it came from PayPal: you click on a link and try to log in to a website that looks like PayPal, and they have your PayPal info right then and can start spending your money immediately.

2) You can see exactly where a link goes on any webpage. All you have to do is hold down the mouse button when you click on a link, and you can see where the link goes in the bottom of Internet Explorer. If you want to go there, simply release the button; if you don’t, keep the button held down and slide your mouse away from the link, and it will not cause the click to happen.

3) Nothing is free on the internet, it will cost you in some way. Most, not all, but most, free screensaver sites load some form of adware or spyware if it doesn’t cost you anything to purchase it. A lot of game sites, and celebrity sites will do the same thing, as they have to pay for all the bandwidth they are using.

4) When installing software, there is always a license agreement, read it. I know, I know, no one reads these things, but at least scan through them as they are supposed to list in it if they install any other software.

5) Do NOT forward anything that says forward to everyone or ten people or whatever. None of it works, none of it is true; its sole reason for existing is to waste bandwidth, and that is exactly what happens when you forward this latest email to everyone you know.

6) When posting on forums or wherever, do a search while you are there first, if it is a common question, the answers will already be there and no one will be calling you noob or newbie and telling you to search for the answer first.

7) Don’t believe everything you read, even the big news sites get things wrong some days, although they are usually the most trustworthy, just like this site. ;)

8) If you like a site, support it by buying stuff through their links, or donating if they have a donate button. It does cost money to run a website, and the more popular it is, the more expensive it is.

9) Always have an anti virus program and an anti spyware program, the ones I like are Panda for anti virus, that link is for their free online scan, and X-Cleaner for anti spyware.

10) If you use a peer to peer network to get music, movies, whatever, you will end up with loads of spyware and you may get caught and possibly fined by the RIAA, or whoever is trying to stop the file sharing now. You have been warned.

Of course, these are for newbies and non-technical people; if you know anything about computers, then you probably already know these.

Symantec’s latest Internet Security Threat Report, to be issued on March 7, 2006, analyzes data collected from over 24,000 security devices deployed in over 180 countries. It covers the six-month period from July 1 - December 31, 2005 and includes analysis of network-based attacks, a review of known vulnerabilities, highlights of Adware, Spyware, and malicious code, an analysis of Spam and Phishing data and a forward looking analysis in Future Watch.

Posted by Jimmy Daniels - March 9, 2006 at 12:10 pm

Categories: Reviews, Spyware Info, Tech News, Virus Info