Yong Zhou
Ixia Senior Systems Engineer
Blog

Shadow Brokers Leaks and Ixia ATI Update

August 25, 2016 by Yong Zhou

Background

Coming into the summer heat of August, one of the hottest topics circling the security world is The Shadow Brokers and their release of seemingly top-secret computer code suspected to be used by the National Security Agency (NSA) to break into networks of foreign governments and other espionage targets. Most of the code was designed to break through network firewalls and get inside computer systems of the targets. This, in turn, allows the attacker to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

If you’re responsible for network security and you Google “shadow brokers,” your internal alarms should be ringing…

shadow1

Actions

On Friday, August 19th, Cisco became the first major vendor publishing their security advisories addressing the vulnerabilities that could be exploited by the code released by The Shadow Brokers leak, called EPICBANANA and EXTRABACON Exploits.

This Wednesday morning (August 24th), Ixia’s ATI Research Center released its bi-weekly ATI update addressing the EXTRABACON exploit (CVE-2016-6366), which targets a buffer overflow vulnerability in Cisco SNMP code.

If you are a security engineer responsible for Firewall/IDS/IPS test/qualification, you’ll want to update your BreakingPoint StrikePack immediately and create a Smart Strikelist as shown below that includes all 2016 CVEs developed by the ATI team.

shadow2

A BreakingPoint security test against your firewall/IDS/IPS using this Smart Strikelist will not only keep your security test current but also make your test future-proof because is will be automatically updated to include new ATI Update items that relate to the list with a query such as “Year:2016”.

Please stay tuned, there will be more to come to address the  known vulnerabilities exposed by this leak in the coming ATI updates. As long as you keep your StrikePack current, your test will automatically refresh with the Smart Strikelist created above. What a time saving!

For further StrikePack details, please download the release notes of the ATI update 278632. For information about Ixia ATI research center and what we do, please visit Ixia ATI blogs.

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.