Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

PB#1061: IPS State Preservation

    • Updated:
    • 15 Jun 2016
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint NGFW All
    • TippingPoint TPS All
    • TippingPoint Virtual TPS All
    • Platform:
Summary
An issue has been identified in the IPS state engine, where under extreme load conditions, the preservation of state could be lost.
Details
Public
Product Bulletin #: 1061

Subject: IPS State Preservation Issue

Date of Announcement: June 15, 2016

During product testing, an issue has been identified in the IPS state engine, where under extreme load conditions, the preservation of state could be lost resulting in the potential for the IPS engine to be bypassed for certain crafted attack techniques.

Affected Products
PlatformAffected TOS Version
TippingPoint 660N/1400NTOS 3.8.3 build 4493 and earlier
TippingPoint 2500N/5100N/6100NTOS 3.8.3 build 4493 and earlier
TippingPoint NX (all models)TOS 3.8.3 build 4493 and earlier
TippingPoint 10/110/330TOS 3.6.5 build 4124 and earlier
TippingPoint TPS 440T/2200TTOS 4.1.0 build 4472 and earlier
TippingPoint vTPS StandardTOS 4.0.1 build 4335 and earlier
TippingPoint NGFW (all models)TOS 1.2.2 build 4354 and earlier

Details
The IPS utilizes a state preservation engine which tracks each flow through the device for the duration of that connection. Under extreme concurrent connection loads, as the device approaches its supported limits, some connection resources may be reclaimed. An issue has been identified where under this load condition, the IPS evasion engine can become less effective at identifying more complex types of evasion techniques.

Recommended Action
For customers who operate their IPS near its maximum concurrent connection limit, TippingPoint recommends upgrading to the latest build:
 
PlatformRecommended TOS Version
TippingPoint 660N/1400NTOS 3.8.4 build 4494
TippingPoint 2500N/5100N/6100NTOS 3.8.4 build 4494
TippingPoint NX (all models)TOS 3.8.4 build 4494
TippingPoint 10/110/330TOS 3.6.6 build 4140
TippingPoint TPS 440T/2200TTOS 4.1.1 build 4841
TippingPoint vTPS StandardTo be released on or before June 21, 2016
TippingPoint NGFW (all models)To be released on or before June 21, 2016

Customers are advised to plan to upgrade to the latest version of non-impacted software at their earliest convenience.

If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Thank you,
Trend Micro™ TippingPoint

For updated contact information, please click here.

 
© Copyright 2018 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro logo, TippingPoint, the TippingPoint logo, and Digital Vaccine are trademarks or registered trademarks of Trend Micro Incorporated. TippingPoint Reg. U.S. Pat. & Tm. Off. The information is provided "as is" without warranty of any kind and is subject to change without notice. The only warranties for Trend Micro products and services are set forth in the express warranty statements accompanying such products and services. nothing herein should be construed as constituting an additional warranty. Trend Micro shall not be liable for technical or editorial errors or omissions contained herein.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000118087
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.