From owner-freebsd-security  Tue Oct 13 17:59:15 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA05868
          for freebsd-security-outgoing; Tue, 13 Oct 1998 17:59:15 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from banshee.cs.uow.edu.au (banshee.cs.uow.edu.au [130.130.188.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA05852
          for <security@FreeBSD.ORG>; Tue, 13 Oct 1998 17:59:07 -0700 (PDT)
          (envelope-from ncb05@banshee.cs.uow.edu.au)
Received: (from ncb05@localhost)
	by banshee.cs.uow.edu.au (8.9.1a/8.9.1) id KAA21082;
	Wed, 14 Oct 1998 10:58:33 +1000 (EST)
Date: Wed, 14 Oct 1998 10:58:32 +1000 (EST)
From: Nicholas Charles Brawn <ncb05@uow.edu.au>
X-Sender: ncb05@banshee.cs.uow.edu.au
To: Brett Glass <brett@lariat.org>
cc: "Jan B. Koum " <jkb@best.com>, security@FreeBSD.ORG
Subject: Re: Spoofed connections on port 13223??
In-Reply-To: <4.1.19981013162129.0475b390@mail.lariat.org>
Message-ID: <Pine.SOL.4.02A.9810141050001.14321-100000@banshee.cs.uow.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 13 Oct 1998, Brett Glass wrote:

> At 01:58 PM 10/13/98 -0700, Jan B. Koum wrote:
> 
> >        However, I never delt with CERT and not really sure how things work
> >        when someone calls them.
> 
> When we had a machine rooted, they DIDN'T call back. They didn't even
> respond to the e-mail until a momth later. Their announcement of the
> security hole through which our machine was compromised came WEEKS
> after it was too late.
> 
> In short, they're ineffectual except perhaps as archivists.
> 
> --Brett

Brett, when you statements like that, be sure to "qualify" them and
say something along the lines of "in my experience, they are
ineffectual...", etc. Perhaps if you think about the security situation
at the time, with potentially hundreds of machines being attacked as a
result of the same bug you got rooted with, they have to set some sort
of priority over who they handle first. From my limited interactions
with them, they explicitly state they will deal with situations of
life-threatening importance first, and then work their way down. Your
network may not have been high on their list. You cannot fault them for
this.

Nick

--
Email: ncb@poboxes.com - http://www.poboxes.com/ncb 
Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message