From owner-freebsd-security  Tue Dec  4 21:46:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from minnie.tuhs.org (minnie.tuhs.org [131.245.7.145])
	by hub.freebsd.org (Postfix) with ESMTP id 7E3E837B405
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 21:46:45 -0800 (PST)
Received: (from wkt@localhost)
	by minnie.tuhs.org (8.11.3/8.11.3) id fB55kTf46559
	for freebsd-security@freebsd.org; Wed, 5 Dec 2001 16:46:29 +1100 (EST)
	(envelope-from wkt)
From: Warren Toomey <wkt@minnie.tuhs.org>
Message-Id: <200112050546.fB55kTf46559@minnie.tuhs.org>
Subject: Strange request, telnetd exploit
To: freebsd-security@freebsd.org
Date: Wed, 5 Dec 2001 16:46:29 +1100 (EST)
Reply-To: wkt@tuhs.org
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi all,
	This is a strange request. I'm giving a network programming course
at a Uni here in Australia. Last week, I looked at common vulnerabilites,
e.g buffer overflows, and I also described probe tools etc etc.

On Friday, I was going to demonstrate tools like nmap, nessus and saint,
and end with a demo of a real-live exploit. I thought of the recent telnetd
exploit, and I still have the old FreeBSD 4.3 binary on CD.

I'd like to set up the old, vulnerable telnet with appropriate
/etc/hosts.allow rules to only allow an attack from within the local subnet.

However, I cannot find a copy of the exploit code. Can anybody help me?

To give you some details of my bona fides:

The course I'm running: http://www.it.bond.edu.au/inft334/013/
The security lecture: http://www.it.bond.edu.au/inft334/013/lectures/week12.html
I was assistant program chair on a security symposium which was held
about 2 weeks ago: http://www.auug.org.au/security2001/
Other security stuff I have worked on in the past:
http://minnie.tuhs.org/Seminars/index.html (you have to read the titles)

Many thanks in advance,
	Warren Toomey, School of IT, Bond Uni

P.S My PGP keys are at http://minnie.tuhs.org/warren.html if you'd rather
send me PGP-encrypted code.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message