From owner-freebsd-security Mon Apr 19 10:52:48 1999
Delivered-To: freebsd-security@freebsd.org
Received: from tesla-e0.salk.edu (tesla-e0.salk.edu [198.202.70.1])
    by hub.freebsd.org (Postfix) with ESMTP id DA17914DB2
    for ; Mon, 19 Apr 1999 10:52:34 -0700 (PDT)
    (envelope-from jorge@salk.edu)
Received: from davinci.salk.edu (davinci.salk.edu [198.202.70.31])
    by tesla-e0.salk.edu (8.7.5/8.7.3) with SMTP id KAA07151;
    Mon, 19 Apr 1999 10:49:56 -0700 (PDT)
Date: Mon, 19 Apr 1999 10:49:54 -0700 (PDT)
From: Jorge Aldana
To: Del Hundley
Cc: Chris, The Tech-Admin Dude, security@FreeBSD.ORG
Subject: Re: poink and freebsd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Well, not necessarily the source, but what do we look out for to know that
it is running, being used in or against my system? You mentioned
/var/log/messages (arp messages); could you be more specific?

Jorge

On Mon, 19 Apr 1999, Del Hundley wrote:

> Many NOCs thank you for that Chris.
>
> Del Hundley
>
> On Mon, 19 Apr 1999, Chris wrote:
>
> > jd-
> >
> > I'd rather not post the source to the list, since this is how exploits get
> > distributed, and bad things occur. I sent email to the security-officer,
> > and a few people to test it out with their setup.. I'd rather not
> > distribute it any further... I hope you understand my reasoning behind it
> > :/
> >
> > -Chris O'Hara
> > Systems Administration
> >
> > On Mon, 19 Apr 1999, The Tech-Admin Dude wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Better yet, post a copy to the mailing list :-).. I have heard of it, but
> > > I have not tried it nor seen the effects of it.. post the source up here..
> > > Thanks
> > >
> > > - -JD-
> > >
> > > On Mon, 19 Apr 1999, Robert Watson wrote:
> > >
> > > > On Mon, 19 Apr 1999, Chris wrote:
> > > >
> > > > > I'm sure y'all have heard of poink, an exploit against freebsd/openbsd
> > > > > machines (these are the boxes I have tested on) it appears to work very
> > > > > efficiently in killing freebsd 3.1 - freebsd 3.0 machines, against one of
> > > > > our freebsd 2.2.5 machines, it did bring up the error messages in
> > > > > /var/log/messages (arp lookups) but didn't kill the machine like the
> > > > > others...
> > > > >
> > > > > I'm just wondering if there are any patches for this, and I noticed there
> > > > > is no mention of it on freebsd's website....
> > > >
> > > > Interestingly, I haven't heard about this one, and it doesn't appear to be
> > > > on rootshell, etc. The only "poink" I could find reference to was an
> > > > alternative ping program that doesn't require root access--I assume that
> > > > means it uses udp or something to try and get a response (perhaps looking
> > > > for a connection refused ICMP except on the socket?). I may just have
> > > > missed it in passing, of course, given the vast quantities of email that
> > > > go through around here :-).
> > > >
> > > > Since it doesn't appear to have been reported, send a copy of the source
> > > > to security-officer@freebsd.org, and feel free to CC me a copy so I can
> > > > take a look.
> > > >
> > > > Robert N Watson
> > > >
> > > > robert@fledge.watson.org http://www.watson.org/~robert/
> > > > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> > > >
> > > > Carnegie Mellon University http://www.cmu.edu/
> > > > TIS Labs at Network Associates, Inc. http://www.tis.com/
> > > > Safeport Network Services http://www.safeport.com/
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-security" in the body of the message
> > > >
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGPfreeware 5.0i for non-commercial use
> > > Charset: noconv
> > >
> > > iQA/AwUBNxtibtGMB8VPlu8bEQJ/rgCgp469vqIP+XvUBt8E6p+eWv8kM9YAoJVE
> > > JPNHwoC9dFTZuubRq8AxjIej
> > > =neIQ
> > > -----END PGP SIGNATURE-----