From: bmah@CA.Sandia.GOV (Bruce A. Mah)
To: andrew@squiz.co.nz
Cc: Marius Bendiksen, freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
In-Reply-To: Your message of "Wed, 12 Aug 1998 23:12:22 +1200."
Date: Wed, 12 Aug 1998 07:58:10 -0700

If memory serves me right, Andrew McNaughton wrote:

[fake network services]

> It seems plausible that this might be introduced to the culture of
> internet bug reports, but it would be entirely dependent on some
> organization setting up a centralised monitoring facility. Probably it
> would also be dependent on a standardized attack report protocol that
> obviated the need for new software to be set up to record information on
> each new bug being reported. Probably improbable.

I haven't seen the words "Internet" and "centralised" (for me that would be "centralized") in the same sentence for a while. :-)

Anyways, I'm just put in mind of an incident a couple years ago, when some nameless ISP was worried about people telnetting into their servers. Their security consultant (who shall also remain nameless) set up a script on TCP port 23 that, when it detected a connection attempt, would automatically send a complaint letter to the perceived ISP of the source, as well as to CERT. Probably in retaliation, someone spammed USENET with promises of many wonderful things (I remember "a program to break PGP encryption" being one of them), which could all be had for free, by telnetting to a certain IP address...well, you get the picture.

I don't think you were suggesting this, but this story points out the need to be careful with completely automated attack reporting systems.

Bruce.