Date: Wed, 5 May 1999 17:48:32 -0500
From: Jamie Rishaw <jamie@arpa.com>
To: Karl Denninger <karl@Denninger.Net>
Cc: chris@calldei.com, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Mike Smith <mike@smith.net.au>, Seth <seth@freebie.dp.ny.frb.org>, freebsd-stable@FreeBSD.ORG, security@FreeBSD.ORG, jamie@exodus.net
Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd)
Message-ID: <19990505174832.A41704@rage.arpa.com>
In-Reply-To: <19990503231813.A11570@Denninger.Net>; from Karl Denninger on Mon, May 03, 1999 at 11:18:13PM -0500
References: <199905040140.SAA01305@dingo.cdrom.com> <30986.925789368@zippy.cdrom.com> <19990503225131.I10291@holly.dyndns.org> <19990503231813.A11570@Denninger.Net>

Actually, I'm not on any fbsd mail lists, and I'm in the process of moving from Chicago to LA. This is the first time I've been on my mail in quite a while. (Days).

I'll get a tcpdump some time when I can get someone to reset a box, but it's not exactly on my list of priorities to have production boxen of mine rebooted mid-stream.

I'm perhaps the biggest fbsd proponent in my company.. I did not intend to slander or annoy anyone, rather, to get people out trying to figure out what the exploit is, and get to work.

For everyone's info, the boxen were rebooted first, then responsibility was claimed later. I didn't know of these attacks until after they were done.

As far as "the second machine", the second machine is one of several machines. The second machine is in a different physical location, different backbone, different hardware. It does about two megabits/sec, so running a blind "tcpdump" is really not possible.

Any flames from this will be /dev/null'd. I'm not out to fight with anyone about anything. No time.

-jamie

On Mon, May 03, 1999 at 11:18:13PM -0500, Karl Denninger wrote:
> On Mon, May 03, 1999 at 10:51:32PM -0500, Chris Costello wrote:
> > On Mon, May 3, 1999, Jordan K. Hubbard wrote:
> > > > I have to say that Jamie really let us down by not running a raw
> > > > tcpdump alongside the second targeted machine here. Any chance of
> > > > provoking these people into "demonstrating" the exploit on a machine,
> > > > while another connected to the same wire is running
> > >
> > > I'd say he or whomever first reported this to bugtraq let us down even
> > > more by releasing an "advisory" in such an unknown and unverifiable
> > > state. By doing so, all they've done is hand ammunition to the FUD
> > > corps and given us no reasonable chance to respond since the advisory
> >
> > I get the impression that that was the whole point of the
> > bugtraq post, to give us more grief.
>
> Ding!
>
> Give that man a cigar.
>
> Anyone who saw this done to one machine and didn't *immediately* configure
> machine #2 to trap and trace on the second instance deserves raspberries -
> at a minimum.
>
> It's one thing to have it done "anonymously" (among other things you might
> not be there when it goes "boom" under those conditions!) It's another to
> have it done under controlled conditions and neither get an explanation
> OR trap the condition that caused it yourself with a tcpdump trace.
>
> --
> --
> Karl Denninger (karl@denninger.net) Web: fathers.denninger.net
> I ain't even *authorized* to speak for anyone other than myself, so give
> up now on trying to associate my words with any particular organization.

--
jamie rishaw <jamie@arpa.com>

"Ammo, 200 rounds: $75. Semi-Automatic Rifle: $675. Ski-Mask: $10. Kenneth Cole Trench Coat: $400. Look on classmate's face just before you blow his brains out: Priceless. .. In the Colorado school system, you can risk losing your life, but they don't take any card from American Express. Visa -- it's everywhere you want to be."