From owner-freebsd-stable Tue May 4 15: 9:24 1999 Delivered-To: freebsd-stable@freebsd.org Received: from mx01.iafrica.com.na (mx01.iafrica.com.na [196.31.227.173]) by hub.freebsd.org (Postfix) with ESMTP id AB14C15231; Tue, 4 May 1999 15:09:10 -0700 (PDT) (envelope-from tim@iafrica.com.na) Received: from dup15-whk.iafrica.com.na ([196.20.4.15] helo=aptiva) by mx01.iafrica.com.na with smtp (Exim 2.11 #1) id 10enN5-000Aij-00; Wed, 5 May 1999 00:09:00 +0200 Message-ID: <372F7025.7081@iafrica.com.na> Date: Wed, 05 May 1999 00:09:41 +0200 From: Tim Priebe Reply-To: tim@iafrica.com.na X-Mailer: Mozilla 3.01 (Win95; I) MIME-Version: 1.0 To: Greg Quinlan Cc: freebsd-stable@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd) References: <005401be9932$60574860$380051c2@greg.qmpgmc.ac.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I saw such behavior Sunday when trying to implement a new firewall. The system would repeatedly panic with a trap 12. This would happen immediatelly after the login prompt appeared after the previous panic. The system would be stable, if I removed the first ethernet cable, plug the cable back in, and a short while later it would start over again. It was late, and we had to get the system working again, so we restored to the previous system. I have some information logged for packets at the time. I will check this and try to reproduce after I finish the course I am on this week. Tim. Greg Quinlan wrote: > > This sounds so.. so very familiar!! > > I have been the target of exploits before...... > > The exact same thing I have been experiencing........but not for about 5 > days now! > > I'm not convinced its a pure exploit.. (i.e. a program specifically written > for the purpose) > > Greg > > -----Original Message----- > From: Karl Denninger > To: chris@calldei.com ; Jordan K. Hubbard > > Cc: Mike Smith ; Seth ; > freebsd-stable@FreeBSD.ORG ; > security@FreeBSD.ORG ; jamie@exodus.net > > Date: 04 May 1999 05:20 > Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd) > > >On Mon, May 03, 1999 at 10:51:32PM -0500, Chris Costello wrote: > >> On Mon, May 3, 1999, Jordan K. Hubbard wrote: > >> > > I have to say that Jamie really let us down by not running a raw > >> > > tcpdump alongside the second targetted machine here. Any chance of > >> > > provoking these people into "demonstrating" the exploit on a machine, > >> > > while another connected to the same wire is running > >> > > >> > I'd say he or whomever first reported this to bugtraq let us down even > >> > more by releasing an "advisory" in such an unknown and unverifyable > >> > state. By doing so, all they've done is hand ammunition to the FUD > >> > corps and given us no reasonable chance to respond since the advisory > >> > >> I get the impression that that was the whole point of the > >> bugtraq post, to give us more grief. > > > >Ding! > > > >Give that man a cigar. > > > >Anyone who saw this done to one machine and didn't *immediately* configure > >machine #2 to trap and trace on the second instance deserves raspberries - > >at a minimum. > > > >Its one thing to have it done "anyonmously" (among other things you might > >not be there when it goes "boom" under those conditions!) Its another to > >have it done under controlled conditions and neither get an explanantion > >OR trap the condition that caused it yourself with a tcpdump trace. > > > >-- > >-- > >Karl Denninger (karl@denninger.net) Web: fathers.denninger.net > >I ain't even *authorized* to speak for anyone other than myself, so give > >up now on trying to associate my words with any particular organization. > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message