The ThreatCon is currently at Level 1: Normal.
The ThreatCon is currently at level 1. On July 23, 2008, an exploit for the recent DNS cache-poisoning vulnerability was released for Metasploit. Given the ease with which the Metasploit framework and the associated exploit can be used, attacks are likely. This issue is known to affect many DNS implementations and allows an attacker to poison a server's DNS cache, subsequently causing victims to be directed to malicious sites when attempting to resolve legitimate sites. Patches for the vulnerability are available for most well-known DNS services. Administrators should ensure that their DNS servers are patched. Servers that are not patched should be patched as soon as possible, because there are few mitigating strategies for this issue. For more information, see the following Bugtraq entry: Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability (http://www.securityfocus.com/bid/30131/)
ThreatCon Level 1
Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
ThreatCon Level 2
Medium : Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.
Medium : Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.
ThreatCon Level 3
High : Known threat
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.
High : Known threat
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.
ThreatCon Level 4
Extreme : Full alert
This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure.
Extreme : Full alert
This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure.