Symantec ThreatCon
The ThreatCon is currently at Level 1: Normal.
On July 23, 2008, an exploit for the recent DNS cache-poisoning vulnerability was released for Metasploit. Given the ease with which the Metasploit framework and the associated exploit can be used, attacks are likely. This issue is known to affect many DNS implementations and allows an attacker to poison a server's DNS cache, subsequently causing victims to be directed to malicious sites when attempting to resolve legitimate sites.
Patches for the vulnerability are available for most well-known DNS services. Administrators should ensure that their DNS servers are patched. Servers that are not patched should be patched as soon as possible, because there are few mitigating strategies for this issue.
For more information, see the following Bugtraq entry:
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
(http://www.securityfocus.com/bid/30131/)
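One way to check whether a resolver still sends predictable queries, as an added example that is not part of the original advisory: it labels how the UDP source port and transaction ID vary across a resolver's outbound queries, since the patches for this issue randomize the source port in addition to the 16-bit transaction ID. The sample pairs are constructed, and the 4000 cut-off and all function names are assumptions of this example.

```python
import statistics

# Assumed cut-off (not from the advisory): a uniform 16-bit value has a
# standard deviation near 18,900, so anything under 4,000 is a narrow pool.
NARROW_STDDEV = 4000

def classify(values):
    """Label how a 16-bit field varies across successive outbound queries."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "fixed"          # same value on every query
    steps = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    if len(steps) == 1:
        return "sequential"     # constant increment, wrap-around included
    if statistics.pstdev(values) < NARROW_STDDEV:
        return "narrow"         # varies, but only inside a small range
    return "spread"

def assess(queries):
    """queries: (udp_source_port, transaction_id) pairs in capture order."""
    ports, txids = zip(*queries)
    report = {"source_port": classify(ports), "txid": classify(txids)}
    report["needs_attention"] = any(v != "spread" for v in report.values())
    return report

# Constructed samples, not real captures.
TXIDS = (6699, 39937, 17648, 58128, 1962, 46531, 28441, 53764)
PORTS = (50123, 1893, 33410, 61002, 12877, 44219, 27654, 8391)
FIXED_PORT = [(32768, t) for t in TXIDS]      # one source port for everything
RANDOM_PORT = list(zip(PORTS, TXIDS))         # both fields vary widely
SEQ_TXID = [(p, 100 + i) for i, p in enumerate(PORTS)]  # counter-style IDs

if __name__ == "__main__":
    for name, sample in (("fixed port", FIXED_PORT),
                         ("random port", RANDOM_PORT),
                         ("sequential txid", SEQ_TXID)):
        print(f"{name:16} {assess(sample)}")
```

The pairs would come from a packet capture of the resolver's own outbound queries; a "fixed", "sequential" or "narrow" source port is the signal that the server should be checked against the vendor's patch.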
Symantec ThreatCon Rating
The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.
ThreatCon Level 1
Low: Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
Symantec DeepSight Threat Management System tracks security events on a global basis, providing early warning of active attacks. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack. To track security threats, it continuously correlates IDS and firewall attack data from the security systems of over 20,000 partners in over 180 countries, plus virus statistics from the Symantec Digital Immune System and many other human intelligence resources. Experts at Symantec analyze the information to identify active attacks and deliver advanced warning with actionable analyses and countermeasures.