From owner-freebsd-security Fri Jan 21 9:21:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from intranova.net (blacklisted.intranova.net [209.3.31.70]) by hub.freebsd.org (Postfix) with SMTP id DD4F015498 for ; Fri, 21 Jan 2000 09:21:48 -0800 (PST) (envelope-from oogali@intranova.net) Received: (qmail 50003 invoked by uid 1001); 21 Jan 2000 12:24:02 -0000 Date: Fri, 21 Jan 2000 12:24:02 +0000 (GMT) From: Intranova Networking Group To: Brett Glass Cc: Fernando Schapachnik , Bob Madden , freebsd-security@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? In-Reply-To: <4.2.2.20000121095431.01a23a90@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I think my machine was hit with it this morning. Rebooted at 8:20am and the logs display nothing but ICMP bandwidth limiting messages, we have to find some way to do this efficiently, in the mean time, can we violate the protocol with somewhat of an 'emergency' patch before we get down to business? Imachonu Ogali Intranova Networking Group On Fri, 21 Jan 2000, Brett Glass wrote: > A few hours after the exploit was announced, AT&T's backbone began > to experience problems. A friend's site, connected directly to > AT&T was down, and I couldn't even traceroute to him. Could be=20 > coincidence, or it could be that someone was already aiming an=20 > attack at some of those routers. Can't tell.... I doubt AT&T > would confirm or deny. >=20 > --Brett >=20 > At 04:20 AM 1/21/2000 , Fernando Schapachnik wrote: > =20 > >Has anyone tried stream.c against CISCO, Nortel, etc. routers? > > > >Althoug off-topic, their (unofficial) vulnerability status would be=20 > >very helpfull? > > > >TIA! > > > >En un mensaje anterior, Bob Madden escribi=F3: > > > I'm grateful for the efforts put forth in finding a reliable means of > > > prevention to this attack. I have seen it's effects. For the benefit = of those > > > working on the solution, I wanted to share what I see when the attack= is in > > > full swing: > > > >Fernando P. Schapachnik > >Administraci=F3n de la red > >VIA NET.WORKS ARGENTINA S.A. > >fernando@via-net-works.net.ar > >(54-11) 4323-3333 > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message >=20 >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message