The National Infrastructure Protection Center (NIPC) is releasing this notice to provide system administrators developing information about a potential new network security vulnerability. The NIPC is still reviewing this information both for accuracy and to determine the level of threat. Further . . .
The National Infrastructure Protection Center (NIPC) is releasing this notice to provide system administrators developing information about a potential new network security vulnerability. The NIPC is still reviewing this information both for accuracy and to determine the level of threat. Further information will be provided, as it becomes available. This assessment only applies to those networks that use an Intrusion Detection System (IDS). As always, users are advised to keep their software current by checking their vendors' websites frequently for new updates, and to check for alerts put out by NIPC, CERT/CC, and other cognizant organizations.

Initial reports indicate that a software package has been identified which, if used maliciously, may disable a victim's computer or network's IDS by flooding it with Internet traffic emanating from several random Internet Protocol (IP) addresses simultaneously. The attack attempts to flood a targeted network or computer with too many "false positives" for IDSs to handle, thereby potentially causing the IDS to become inoperative. Once this is accomplished, a hacker might try to take advantage of the failed IDS to locate and exploit an unrelated vulnerability on the victim's system, perhaps with the goal of seeking root access.

The link for this article located at NIPC is no longer available.