July 23, 2003

The Sleuth9 Security System stops IPv4 attacks on Cisco routers

DALLAS, TEXAS - DeepNines Technologies, a leading enterprise network security company, today announced its Sleuth9 Security System instantly stops the latest IPv4 exploit of Cisco routers running IOS software. The IPv4 vulnerability announced by Cisco Systems last week has left organizations, without Sleuth9, susceptible to denial-of-service attacks and rushing to either update routers or implement workarounds that greatly impact network performance. This vulnerability may be exploited repeatedly, resulting in loss of network availability. Companies and managed service providers that have deployed Sleuth9, in front of the router, have not and will not experience the costly impact of the IPv4 exploit.

The Cisco router is configured to process and accept Internet Protocol version 4 (IPv4) packets by default. A router receiving IPv4 packets with protocol types of 53 (SWIPE), 55 (IP Mobility), or 77 (Sun ND), all with Time-to-Live (TTL) values of 1 or 0, and 103 (Protocol Independent Multicast - PIM) with any TTL value, can force the router to incorrectly flag the input queue as full. A full input queue stops the router from processing inbound traffic and may cause routing protocols to drop due to dead time. No alarms will be triggered, nor will the router reload to correct itself. Once a router has been attacked, IT professionals must manually reboot and reconfigure the router to get it back online.

The Sleuth9 Security System has the ability to stop these types of attacks because it can identify, monitor and control all ports and protocols. With this packet management functionality located in front of the router, Sleuth9 can prevent attacks on any router when either TCP or IP protocols are used. In the case of the IPv4 exploit, the non-TCP protocols identified above are automatically recognized and blocked by Sleuth9 based on its default settings; preventing the exploit from reaching the input interface of the router, thus preventing the denial of service.

While DeepNines customers are protected from this and other serious attacks, IPv4 and future vulnerabilities will continue to cost corporations millions of dollars if they do not deploy Sleuth9 in front of the router.

"We looked at several solutions that sat behind the router and decided they could not serve as our primary perimeter defense system. The recent IPv4 exploit has validated our decision to deploy Sleuth9," stated Tony La Rosa, Vice President of IT at Celerity.

The Sleuth9 Security System is a proactive, intelligent, intrusion prevention and anti-virus solution specifically designed to stop complex, blended threats. Sleuth9 sits invisible, in front of the router and evaluates all network traffic, both ingress and egress, at the packet level, to determine what is valid and what is malicious. Sleuth9 detects and automatically prevents cyber attacks from entering or leaving a network by forming a new perimeter of defense against DoS, DDoS, port scans, Trojan horses, self-propagating attacks, worms and viruses as well as other attacks launched from infected internal or external computers. Sleuth9 can be deployed at the perimeter of the network or in front of other likely targets such as web servers, mail servers, application servers, etc.

"Hackers continue to develop simple but damaging network attacks that can cripple entire networks," said Dan Jackson, DeepNines' president and COO. "Routers have had security vulnerabilities in the past and there will be more identified in the future. The costs companies incur as a result of these security vulnerabilities include network downtime, man-hours and opportunity costs. With Sleuth9, we stop Denial of Service (DOS) and other attacks before they reach the router, providing companies with a new level of perimeter security."

"We encourage our customers to take a layered approach to their network security," stated Jonathan Smith, Civilian Director, Computing Systems, Northrop Grumman Information Technology. "The recent vulnerability that can impact network routers reinforces our belief in perimeter security."

For more information regarding the purchase and availability of The Sleuth9 Security System, please call Northrop Grumman Information Technology at 240-684-6300.

About Deep Nines Inc. DeepNines offers a scalable security platform for Global 2000 companies with a vertical market focus in education, government, telecommunications, energy and financial services. The DeepNines Security Edge PlatformT integrates intelligent firewall, intrusion prevention, best-of-breed secure content management, forensics and reporting. It operates outside the network infrastructure, improving organizations' security "deep into the nines." DeepNines' Security Edge Platform, the company's patent-pending security system, is a fully automated signature and behavior-based, intrusion prevention and traffic management system preventing known and unknown attacks from entering an organization's network. The Security Edge Platform runs on Solaris and Linux platforms from Sun Microsystems. To learn more about Deep Nines visit www.deepnines.com.