From owner-freebsd-current Tue Nov 23 12:23:51 1999
Delivered-To: freebsd-current@freebsd.org
Received: from laurasia.com.au (lauras.lnk.telstra.net [139.130.93.142]) by hub.freebsd.org (Postfix) with ESMTP id 4176515073 for ; Tue, 23 Nov 1999 12:23:44 -0800 (PST) (envelope-from mike@laurasia.com.au)
Received: (from mike@localhost) by laurasia.com.au (8.9.1a/8.9.1) id EAA19557; Wed, 24 Nov 1999 04:22:57 +0800 (WST)
From: Michael Kennett
Message-Id: <199911232022.EAA19557@laurasia.com.au>
Subject: Re: FreeBSD security auditing project.
In-Reply-To: <199911231905.VAA80946@gratis.grondar.za> from Mark Murray at "Nov 23, 99 09:05:25 pm"
To: mark@grondar.za (Mark Murray)
Date: Wed, 24 Nov 1999 04:22:56 +0800 (WST)
Cc: current@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Hello FreeBSD'ers!
> [snip]
>
> I have been charged with the duty of ensuring that FreeBSD gets a
> security audit that has the credibility of OpenBSD's.
>
> Consider this to be a request-for-discussion that will head us over to
> the actual work of getting it done.

[snip]

Great idea. Here are some sites on the web that might be of interest:

Security Bugware: http://oliver.efri.hr/~crv/security/
(Nice site, seems to be updated regularly)

Security Focus: http://www.securityfocus.com/vdb
(Vulnerability database -- a lot of the stuff seems to come from bugtraq)

Phrack: http://www.phrack.com/
(Some of the recent phracks have been great. Check out:
    p48-13: TCP/IP SYN Flooding
*** p49-14: Smashing the stack for Fun and Profit (READ IT!)
    p49-15: PortScanning without the SYN flag
    p51-05: File Descriptor Hijacking
    p51-11: The Art of Portscanning
    p52-16: Piercing Firewalls
    p53-06: T/TCP Vulnerabilities
    p54-06: The Belt-and-Suspenders Approach.
            OpenBSD security
    p55-08: The Frame Pointer Overwrite
)

Regards,

Mike Kennett
(mike@laurasia.com.au)