> ===============================================================
>
> X-PRESS UPDATE 3.1 FOR NETWORK SENSOR NOW AVAILABLE!
>
> ===============================================================
>
> SUMMARY
>
> X-Press Update 3.1 for Network Sensor contains 28 new signatures
> for high risk exploits including the vulnerability utilized
> by the Code Red Worm. Of the new signatures included, 10 are for
> 802.11 wireless LANs. This XPU also includes improvements to
> existing signatures and several bug fixes.
>
>
> APPLICATION PROTECTION
>
> - Web Servers. XPU 3.1 contains signatures to address high risk
>   vulnerabilities including HTTP_IIS_Index_Server_Overflow
>   (utilized by the Code Red Worm), HTTP_IIS_ISAPI_Printer_Overflow,
>   HTTP_IIS_Unicode_Translation, and HTTP_IIS_URL_Decoding.
>
> - Wireless. This XPU contains 10 signatures for 802.11 wireless LANs.
>   Also included are updates to the SNMP_Suspicious_Get and
>   SNMP_Suspicious_Set signatures to detect 12 additional events for
>   wireless LANs.
>
>
> VERSIONS/PLATFORMS
>
> This XPU supports Network Sensor on Solaris, Windows NT, Windows 2000
> and the Nokia appliance platforms. Once this XPU has been applied,
> all platforms will have the same coverage.
>
> This XPU supports both the 5.0 and 6.0 Network Sensor. However, each
> requires a different XPU file. If your WorkGroup Manager has Internet
> access, WGM will automatically select the correct files for the sensor
> you choose to update. If you download the files from the download center
> on the ISS web site, the file you should choose is dependent on the
> Network Sensor versions in your environment.
>
> Please note that if you are in the process of upgrading and have a
> mix of both versions, 6.0 Network Sensors must be updated by 6.0
> WorkGroup Managers. 5.0 Network Sensors can be updated by both 5.5
> and 6.0 WorkGroup Managers.
>
>
> NEW SIGNATURES IN XPU 3.1
>
> Event Name                              Risk Level SecChkID
> --------------------------------------- ---------- --------
> Compaq_Insight_Cpqlogin_Overflow        High       5935
> Compaq_Insight_DoS                      Medium     2259
> Compaq_Insight_Fileread                 Medium     2258
> Email_ExchangeStore_DoS                 Medium     5265
> Gauntlet_CyberDaemon_Overflow           High       4503
> Gauntlet_ICMP_DoS                       High       3108
> HTTP_IIS_Index_Server_Overflow          High       6705
> HTTP_IIS_ISAPI_Printer_Overflow         High       6485
> HTTP_IIS_Unicode_Translation            High       5377
> HTTP_IIS_URL_Decoding                   High       6534
> HTTP_PHPNuke_Admin_Access               High       5108
> Lotus_Domino_SMTP_Overflow              High       5993
> VNC_Detected                            Low        1894
> VNC_HTTP_Get_Overflow                   High       6026
> VNC_Login_Failed                        Medium     6425
> VNC_NoAuthentication                    Low        1988
> VNC_RFBConnFailed_Overflow              High       6025
> HTTP_Windows_Executable                 High       6842
>
>
> NEW WIRELESS LAN SIGNATURES
>
> Event Name                              Risk Level SecChkID
> --------------------------------------- ---------- --------
> HTTP_3com_AirConnect_EasySetup          High       6456
> HTTP_3com_AirConnect_FilteringSetup     High       6457
> HTTP_3com_AirConnect_FirmwareSetup      High       6458
> HTTP_3com_AirConnect_ModemSetup         High       6459
> HTTP_3com_AirConnect_RFSetup            High       6460
> HTTP_3com_AirConnect_SecuritySetup      High       6461
> HTTP_3com_AirConnect_SNMPSetup          High       6462
> HTTP_3com_AirConnect_SpecialFunctions   High       6463
> HTTP_3com_AirConnect_SystemSetup        High       6464
> HTTP_Cisco_Aironet_Webconfig            High       6465
>
> The SNMP_Suspicious_Get and SNMP_Suspicious_Set signatures have
> been updated to detect 12 additional events focused on
> 802.11 wireless LAN access points. More information about these
> is available in the ReadMe and in online help.
>
> Tagname                              OID Name
> ------------------------------------ ------------------------------
> roamabout-secure-access-disabled     RoamaboutSecureAccess
> roamabout-console-password-disabled  RoamaboutConsolePasswd
> roamabout-wep-encryption-disabled    RoamaboutEncryption
> 3com-ap-default-ssid                 3comAirConnectSSID
> 3com-ap-accept-broadcast             3comAirConnectBroadcastSSID
> 3com-ap-acl-disabled                 3comAirConnectACL
> 3com-ap-telnet-enabled               3comAirConnectTelnet
> 3com-ap-avt-disabled                 3comAirConnectACLViolationTrap
> 3com-ap-avt-disabled                 3comAirConnectSNMPTrap
> cisco-aironet-broadcast-ssid         AironetBroadcastSSID
> ieee80211-ssid-access                80211SSID
> ieee80211-wepkey-access              80211WEPKey
>
>
> IMPROVED SIGNATURES IN XPU 3.1
>
> Several signatures have been improved in this XPU:
>
> HTTP_Shells
> HTTP_Head
> Napster_Command_Long
> NTP_Readvar_Overflow
> HTTP_Cisco_Catalyst_Exec
> Devil
> DNS_TSIG_Overflow
> Email_Outlook_Date_Overflow
> RPC_snmpXdmid_Overflow
> DNS Signatures
> Stream_DoS
>
> This XPU also includes several bug fixes.
