From owner-freebsd-security Tue May 4 02:09:08 1999
Delivered-To: freebsd-security@freebsd.org
Message-ID: <005401be9932$60574860$380051c2@greg.qmpgmc.ac.uk>
From: "Greg Quinlan"
Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd)
Date: Sat, 8 May 1999 10:08:45 +0100

This sounds so.. so very familiar!!

I have been the target of exploits before......

The exact same thing I have been experiencing........but not for about 5 days now!

I'm not convinced it's a pure exploit.. (i.e. a program specifically written for the purpose)

Greg

-----Original Message-----
From: Karl Denninger
To: chris@calldei.com ; Jordan K. Hubbard
Cc: Mike Smith ; Seth ; freebsd-stable@FreeBSD.ORG ; security@FreeBSD.ORG ; jamie@exodus.net
Date: 04 May 1999 05:20
Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd)

>On Mon, May 03, 1999 at 10:51:32PM -0500, Chris Costello wrote:
>> On Mon, May 3, 1999, Jordan K. Hubbard wrote:
>> > > I have to say that Jamie really let us down by not running a raw
>> > > tcpdump alongside the second targeted machine here.  Any chance of
>> > > provoking these people into "demonstrating" the exploit on a machine,
>> > > while another connected to the same wire is running
>> >
>> > I'd say he or whomever first reported this to bugtraq let us down even
>> > more by releasing an "advisory" in such an unknown and unverifiable
>> > state.  By doing so, all they've done is hand ammunition to the FUD
>> > corps and given us no reasonable chance to respond since the advisory
>>
>> I get the impression that that was the whole point of the
>> bugtraq post, to give us more grief.
>
>Ding!
>
>Give that man a cigar.
>
>Anyone who saw this done to one machine and didn't *immediately* configure
>machine #2 to trap and trace on the second instance deserves raspberries -
>at a minimum.
>
>It's one thing to have it done "anonymously" (among other things you might
>not be there when it goes "boom" under those conditions!)  It's another to
>have it done under controlled conditions and neither get an explanation
>OR trap the condition that caused it yourself with a tcpdump trace.
>
>--
>Karl Denninger (karl@denninger.net) Web: fathers.denninger.net
>I ain't even *authorized* to speak for anyone other than myself, so give
>up now on trying to associate my words with any particular organization.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message