From: bmah@ca.sandia.gov (Bruce A. Mah)
To: security@FreeBSD.ORG
Cc: bmah@ca.sandia.gov
Subject: Re: Spoofed connections on port 13223??
In-Reply-To: Your message of "Tue, 13 Oct 1998 19:05:56 MDT." <4.1.19981013190522.00c4a200@mail.lariat.org>
Message-Id: <199810140419.VAA08258@stennis.ca.sandia.gov>
Date: Tue, 13 Oct 1998 21:19:52 -0700

If memory serves me right, Brett Glass wrote:
> At 10:58 AM 10/14/98 +1000, Nicholas Charles Brawn wrote:

[snip]

> >From my limited interactions
> >with them, they explicitly state they will deal with situations of
> >life-threatening importance first, and then work their way down. Your
> >network may not have been high on their list. You cannot fault them for
> >this.
>
> I asked about this. They did not indicate anything of the sort; just said
> they got a lot of mail.

My (also limited) experience with CERT was consistent with Nick's. They do read their email...I had the interesting experience of a CERT representative phone me after I reported several (unsuccessful) attacks. He wanted to clarify some information in my emails.

Two interesting things that I remember from this conversation:

1. As Brett said, they get a lot of mail. They use it to spot out trends. In fact, John Howard, one of my colleagues, did an analysis of some of this data for his PhD dissertation.

2. It's helpful to them if you explicitly tell them what you want, if you need assistance. Usually, what I send to them are CCs of complaints I send to other people, with a notation at the top "CERT: FYI". (I know, this procedure doesn't use their form, which I found cumbersome, but it has all the useful information.)

Cheers,

Bruce.