From owner-freebsd-security  Mon Apr 19 12:11:30 1999
Delivered-To: freebsd-security@freebsd.org
Received: from hiway1.exit109.com (hiway1.exit109.com [208.225.64.3])
	by hub.freebsd.org (Postfix) with ESMTP id 20083155B8
	for <security@FreeBSD.ORG>; Mon, 19 Apr 1999 12:11:27 -0700 (PDT)
	(envelope-from freebsd@hiway1.exit109.com)
Received: from localhost (freebsd@localhost) by hiway1.exit109.com (8.9.3/8.7.3) with SMTP id PAA06590; Mon, 19 Apr 1999 15:08:58 -0400 (EDT)
Date: Mon, 19 Apr 1999 15:08:58 -0400 (EDT)
From: Chris <freebsd@hiway1.exit109.com>
To: Rajit Manohar <rajit@csl.cornell.edu>
Cc: security@FreeBSD.ORG
Subject: Re: poink and freebsd 
In-Reply-To: <199904191854.OAA02778@mozart.csl.cornell.edu>
Message-ID: <Pine.BSF.3.96.990419150002.20749G-100000@hiway1.exit109.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

rajit-

so, if you setup a timer to execute the poink sploit on the box every,
say, 10 seconds? (it takes little bandwidth, and 10 seconds is nothing)..
and the machine is dead, and will stay dead...

-Chris

On Mon, 19 Apr 1999, Rajit Manohar wrote:

> 
> Hi all,
> 
> I just tested poink on FreeBSD 3.1-RELEASE, and the machine has a
> minor problem and then recovers. As people pointed out, arp is arp and
> it really shouldn't hose systems much. I haven't tried out extensive
> tests yet... maybe later in the evening when I have more time. :)
> 
> Here's my log file:
> 
> Apr 19 14:39:32 <foo> /kernel: arp: <baz> is using my IP address <mumble>!
> Apr 19 14:39:32 <foo> last message repeated 16 times
> Apr 19 14:39:32 <foo> /kernel: 
> Apr 19 14:39:32 <foo> /kernel: arp: <baz> is using my IP address <mumble>!
> Apr 19 14:39:32 <foo> last message repeated 2 times
> 
> (<foo> -> your machine, <baz> -> your ethernet addr, <mumble> -> your
> ip addr :) )
> 
> The next thing that happened was that ypbind complained for a bit (NIS
> server not responding) and amd was unhappy. The machine always
> responded to pings, but my home directory disappeared temporarily.  In
> about a minute, everything returned to normal (AFAIK).  I'd guess that
> a repeated-poink, or a poink of an nfs server would be a more serious
> problem.
> 
> -Rajit
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message