From owner-freebsd-security  Wed Aug 12 08:36:06 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA12179
          for freebsd-security-outgoing; Wed, 12 Aug 1998 08:36:06 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA12120
          for <freebsd-security@FreeBSD.org>; Wed, 12 Aug 1998 08:36:04 -0700 (PDT)
          (envelope-from bmah@stennis.ca.sandia.gov)
Received: (from bmah@localhost)
	by stennis.ca.sandia.gov (8.9.1/8.9.1) id IAA17703;
	Wed, 12 Aug 1998 08:35:30 -0700 (PDT)
Message-Id: <199808121535.IAA17703@stennis.ca.sandia.gov>
X-Mailer: exmh version 2.0.2 2/24/98
To: Marius Bendiksen <Marius.Bendiksen@scancall.no>
Cc: bmah@california.sandia.gov, freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337 
In-Reply-To: Your message of "Wed, 12 Aug 1998 17:12:53 +0200."
             <3.0.5.32.19980812171253.00964bc0@mail.scancall.no> 
From: bmah@CA.Sandia.GOV (Bruce A. Mah)
Reply-To: bmah@CA.Sandia.GOV
X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5<Pi&akO)o^8;[r
 %l(8ZHlbF`dD>v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A
 2V%N&+
X-Url: http://www.ca.sandia.gov/~bmah/
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_808271632P";
	 micalg=pgp-md5; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Wed, 12 Aug 1998 08:35:30 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--==_Exmh_808271632P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Marius Bendiksen wrote:

> But, as you pointed out, I didn't suggest this. What I suggested was
> simulating
> the presence of exploitable features in the system, and logging attempts to
> use
> such exploits.

Presumably with humans in the loop at some level, was my main point here, that 
was all.

[snip]

> ich would have configurable attack-report levels and responses. If
> someone is
> trying to do the BO equivalent of rm -rf / on your system, they're
> attacking. I
> will *not* be convinced that they  actually tried such a thing as _that_ to
> get
> a free PGP cracker ;)

Or they were tricked into it by another Trojan horse.  But you're quite right, 
I'm *much* less likely to believe that someone apparently trying a BO attack 
was "just testing" or some nonsense like that, compared to someone doing a 
telnet.

Cheers,

Bruce.




--==_Exmh_808271632P
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUBNdG2QqjOOi0j7CY9AQFpwAP/ZubW0GWqvcQXDbCuPZjyU6aNiFjVbP3P
D5gUKrsRRoKfuK+HLHGVieV5X2d3c7v5tMnw931W6MuCbmVO82rQDGkoJ1NLFWuy
ds+yOSdzhCA4qu2ZY4N+ayMpNaX77aFhzYrqVW7cwnRdcj53TaZlFZTaVk1EylR3
e1/pkFeGSmQ=
=ti1m
-----END PGP MESSAGE-----

--==_Exmh_808271632P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message