From owner-freebsd-security Mon Dec 4 22:17:44 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 4 22:17:42 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id BA87937B400 for ; Mon, 4 Dec 2000 22:17:42 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id eB56Hfw02983; Mon, 4 Dec 2000 22:17:41 -0800 (PST) Date: Mon, 4 Dec 2000 22:17:41 -0800 From: Alfred Perlstein To: Warner Losh Cc: security@FreeBSD.ORG Subject: Re: NAPTHA/RAZOR response. Message-ID: <20001204221741.G8051@fw.wintelcom.net> References: <20001204172505.D8051@fw.wintelcom.net> <200012050534.WAA67175@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200012050534.WAA67175@harmony.village.org>; from imp@village.org on Mon, Dec 04, 2000 at 10:34:23PM -0700 Sender: bright@fw.wintelcom.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Warner Losh [001204 22:05] wrote: > In message <20001204172505.D8051@fw.wintelcom.net> Alfred Perlstein writes: > : Ok, I can't believe what a bunch of hosers these RAZOR/bindview > : guys are, thier "advisory" is nothing new, there was a news article > : about 3 years ago talking about this problem, all that RAZOR seems > : to have done is find a pretty lame and broken way of spoofing the > : source of the attack which doesn't really work. (it's trivial to > : find the source of the attack) > > Yes. We pointed that out to them when they first sent us the attack. > It just pulled together some interesting tricks that had been floating > around for a while. The arp poisoning was particularly interesting, > but requires a machine on the same ethernet segment to be compromised. > But I never got a response to these points.... > > But with enough DDoS boxes, this can present a problem... Honestly I had been sitting on the "response" sploit for about a week or so. I had already heard that they were going to release something like this and sent something like it to the person that informed me. Anyhow, after a week I thought that they realized how lame the advisory was and weren't going to release it, but some people... -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message