Bugtraq mailing list archives
Re: ISS Response to Fate Research Labs RealSecure Advisory
From: Loki <loki.loa () SUBDIMENSION COM>
Date: Mon, 6 Nov 2000 22:13:30 -0800
XForce--

I am completely at a loss for words concerning your response and the actual facts of the situation. We made 3 separate phone calls to your support hotline to speak to a technician regarding this matter. After going completely ignored, after being promised that we would be called back regarding the matter and weren't, we warned of the creation of this advisory. NO ONE in your technical support group knew anything about the ability to detect Unicode and RDS. This advisory with incorrect information is the fault of your support group and their lack of knowledge of your product. We take no responsibility for this due to our multiple attempts at finding out HOW to get RealSecure to log our RDS/Unicode attacks on the remote network.

Next time you post something like this, we suggest you follow proper procedures and check your call center databases for any calls regarding the matter. Don't insult me or this team by going as far as making accusations that we did not follow proper procedures in open disclosure, something we follow religiously. If you even record the phone conversations of your technicians, you will find that a technician even told me one could not write his own signature for RDS and add it to RealSecure.

We have been completely misrepresented in your response, which I resent greatly. Our team wanted to resort to this due to the fact that X-Press Update and an upgrade to 5.0 did not detect our RDS attack on the remote network. We urge you to practice more care before making the aforementioned accusations.

Loki
Founder
F8 Research Labs

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM] On Behalf Of X-Force
Sent: Monday, November 06, 2000 5:05 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: ISS Response to Fate Research Labs RealSecure Advisory

-----BEGIN PGP SIGNED MESSAGE-----

Multiple Flaws in Fate Research Labs RealSecure Product Analysis
November 6, 2000
Internet Security Systems, Inc.
Response to RealSecure Advisory - Fate Research Labs (11-01-00)

Synopsis:

Fate Research Labs released a recent product analysis posted to the BugTraq mailing list describing three perceived issues in the RealSecure product. ISS believes that all of these issues were reported in error.

Description:

The message incorrectly states that ISS RealSecure does not support user-defined signatures. ISS RealSecure has supported user-defined signatures since version 3.1, released in June 1999. ISS X-Force has released numerous security advisories and alerts that contain user-defined signatures.

Their analysis incorrectly claims that ISS RealSecure does not detect the very common IIS/RDS security vulnerability discovered by Rain Forest Puppy. ISS X-Force released a security alert with a description of this vulnerability and a user-defined signature for detection of this vulnerability on August 9, 1999.

On a related note, the message incorrectly claims that ISS RealSecure does not contain detection support for the much-publicized IIS Unicode vulnerability affecting IIS versions 4 and 5. ISS X-Force released a security alert describing this vulnerability on October 26, 2000. This X-Force alert also contains a user-defined signature to detect this vulnerability.

The last portion of the message states that it is possible to detect the RealSecure engine by looking for a listening TCP port 2998. The TCP port used for RealSecure console communications is user definable to any TCP port. In addition, ISS recommends that all RealSecure customers configure RealSecure consoles in stealth mode, which prevents RealSecure detection.

Internet Security Systems has released new detection capabilities in X-Press Updates for the ISS SAFEsuite family of products for over a year.

Recommendations:

ISS X-Force recommends that all RealSecure customers configure the user-defined signatures as described in the advisories below.
ISS X-Force was not contacted by Fate Research Labs to review their product analysis prior to posting to BugTraq. Please report all ISS security-related issues to xforce () iss net.

References:

User-defined signature for RDS hole, August 9, 1999:
http://xforce.iss.net/alerts/advise32.php

User-defined signature for Unicode hole, October 26, 2000:
http://xforce.iss.net/alerts/advise68.php

- ---------

Copyright (c) 2000 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce () iss net for permission.

Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5

iQCVAwUBOgdBRDRfJiV99eG9AQEDfAP+IfzzIRVASCLlVh8VmGi0u7bF9CqJjuoQ
L6J3mb3cQuh72zhAqinS9EVjwkYzNla9QyCE4Hfq08Mn67nygTYy2RPViHxEuz/l
gBe37gOFcrBYQsXVLaeFoiNbf/6yvN0Og+hqhzkh52mSYmyw+epQsiztNIJAMA5X
Okw5tDgwprE=
=KmHo
-----END PGP SIGNATURE-----
Current thread:
- ISS Response to Fate Research Labs RealSecure Advisory X-Force (Nov 07)
- Re: ISS Response to Fate Research Labs RealSecure Advisory Loki (Nov 08)