From owner-freebsd-security Tue Dec 5 8: 5:53 2000 From owner-freebsd-security@FreeBSD.ORG Tue Dec 5 08:05:50 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id A078737B400 for ; Tue, 5 Dec 2000 08:05:49 -0800 (PST) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 143KeJ-0000Om-00; Tue, 05 Dec 2000 09:08:59 -0700 Sender: wes@FreeBSD.ORG Message-ID: <3A2D131B.2548F379@softweyr.com> Date: Tue, 05 Dec 2000 09:08:59 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: John Howie Cc: "David G. Andersen" , freebsd-security@FreeBSD.ORG Subject: Re: Fw: NAPTHA Advisory Updated - BindView RAZOR References: <200012050043.RAA27046@faith.cs.utah.edu> <011701c05e5a$bcfb3060$fd01a8c0@pacbell.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org John Howie wrote: > > David Andersen wrote: > > > This isn't a FreeBSD failure per se, but a resource control > > failure. Whether you want to point a finger at FreeBSD, ssh, or the > > operator of the box is entirely up to you. :-) > > > > I'm afraid I disagree - this is not purely a daemon problem. I wonder if you > had time to read the whole advisory for the FreeBSD information near the end > of the report (I've included it below). I'm sure he, just as I, read it and found it to report only daemon attacks: > > > > FreeBSD - FreeBSD 4.0-REL > > > > > > > > In testing FreeBSD, a few specific > > > > daemons/ports were targeted. For some, the > > > > stability of the system as a whole can be > > > > affected. The daemons targeted in this > > > > testing are not necessarily at fault for > > > > the problems encountered. > > > > > > > > SSH: > > > > > > > > NFS: > > > > > > > > BIND: > > > > > > > > Note: These services/ports can be > > > > similarly affected on other Linux and UNIX > > > > variants. > > If a daemon becomes unusable because it is subject to attack then that is, > while not ideal, at least tolerable. When the whole system becomes unusable > that points to problems in the kernel. They don't substantiate their vague claim of "the stability of the system as a whole can be affected." All of the specific instances they do list ARE daemon attacks. On the other hand, if they are attacking NFS, I can certainly see that making the system somewhat unstable, but it is better in 4.2. As David pointed out, NFS is usually NOT exposed outside your firewall. You do have a firewall, don't you? ;^) -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message