Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 May 1999 10:08:45 +0100
From:      "Greg Quinlan" <greg@qmpgmc.ac.uk>
To:        <freebsd-stable@FreeBSD.ORG>
Cc:        <security@FreeBSD.ORG>
Subject:   Re: FreeBSD 3.1 remote reboot exploit (fwd)
Message-ID:  <005401be9932$60574860$380051c2@greg.qmpgmc.ac.uk>

next in thread | raw e-mail | index | archive | help
This sounds so.. so very familiar!!

I have been the target of exploits before......

The exact same thing I have been experiencing........but not for about 5
days now!

I'm not convinced its a pure exploit.. (i.e. a program specifically written
for the purpose)

Greg

-----Original Message-----
From: Karl Denninger <karl@Denninger.Net>
To: chris@calldei.com <chris@calldei.com>; Jordan K. Hubbard
<jkh@zippy.cdrom.com>
Cc: Mike Smith <mike@smith.net.au>; Seth <seth@freebie.dp.ny.frb.org>;
freebsd-stable@FreeBSD.ORG <freebsd-stable@FreeBSD.ORG>;
security@FreeBSD.ORG <security@FreeBSD.ORG>; jamie@exodus.net
<jamie@exodus.net>
Date: 04 May 1999 05:20
Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd)


>On Mon, May 03, 1999 at 10:51:32PM -0500, Chris Costello wrote:
>> On Mon, May 3, 1999, Jordan K. Hubbard wrote:
>> > > I have to say that Jamie really let us down by not running a raw
>> > > tcpdump alongside the second targetted machine here.  Any chance of
>> > > provoking these people into "demonstrating" the exploit on a machine,
>> > > while another connected to the same wire is running
>> >
>> > I'd say he or whomever first reported this to bugtraq let us down even
>> > more by releasing an "advisory" in such an unknown and unverifyable
>> > state.  By doing so, all they've done is hand ammunition to the FUD
>> > corps and given us no reasonable chance to respond since the advisory
>>
>>    I get the impression that that was the whole point of the
>> bugtraq post, to give us more grief.
>
>Ding!
>
>Give that man a cigar.
>
>Anyone who saw this done to one machine and didn't *immediately* configure
>machine #2 to trap and trace on the second instance deserves raspberries -
>at a minimum.
>
>Its one thing to have it done "anyonmously" (among other things you might
>not be there when it goes "boom" under those conditions!)  Its another to
>have it done under controlled conditions and neither get an explanantion
>OR trap the condition that caused it yourself with a tcpdump trace.
>
>--
>--
>Karl Denninger (karl@denninger.net)  Web: fathers.denninger.net
>I ain't even *authorized* to speak for anyone other than myself, so give
>up now on trying to associate my words with any particular organization.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005401be9932$60574860$380051c2>