Date: Thu, 13 Aug 1998 10:51:28 +1000 (EST)
From: Nicholas Charles Brawn
To: Brett Glass
cc: freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
In-Reply-To: <199808121700.LAA00346@lariat.lariat.org>

On Wed, 12 Aug 1998, Brett Glass wrote:

> If someone's trying to BO you, they deserve worse.
>
> How about a daemon that sends fatal packets back TO the machine running BO?
> I'm sure that these punks haven't protected their code adequately against
> buffer overflows, etc.
>
> --Brett

The company formerly known as SNI (now integrated into NAI) wrote a paper on
Intrusion Detection Systems a while ago which discouraged this attitude.
Their argument focused on the fact that what if someone *knows* that this is
the response that will be sent if your daemon detects a connection attempt.
Don't forget how easily udp packets can be forged...

Nick

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick
Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
"When in doubt, ask someone wiser than yourself..." -unknown