From owner-freebsd-security Mon Dec 4 22: 5:10 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 4 22:05:07 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (unknown [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 1530F37B400; Mon, 4 Dec 2000 22:05:07 -0800 (PST) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eB55YOQ95030; Mon, 4 Dec 2000 22:34:53 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA67175; Mon, 4 Dec 2000 22:34:23 -0700 (MST) Message-Id: <200012050534.WAA67175@harmony.village.org> To: Alfred Perlstein Subject: Re: NAPTHA/RAZOR response. Cc: security@FreeBSD.ORG In-reply-to: Your message of "Mon, 04 Dec 2000 17:25:07 PST." <20001204172505.D8051@fw.wintelcom.net> References: <20001204172505.D8051@fw.wintelcom.net> Date: Mon, 04 Dec 2000 22:34:23 -0700 From: Warner Losh Sender: imp@harmony.village.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20001204172505.D8051@fw.wintelcom.net> Alfred Perlstein writes: : Ok, I can't believe what a bunch of hosers these RAZOR/bindview : guys are, thier "advisory" is nothing new, there was a news article : about 3 years ago talking about this problem, all that RAZOR seems : to have done is find a pretty lame and broken way of spoofing the : source of the attack which doesn't really work. (it's trivial to : find the source of the attack) Yes. We pointed that out to them when they first sent us the attack. It just pulled together some interesting tricks that had been floating around for a while. The arp poisoning was particularly interesting, but requires a machine on the same ethernet segment to be compromised. But I never got a response to these points.... But with enough DDoS boxes, this can present a problem... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message