From owner-freebsd-security  Wed Aug 12 12:55:01 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA29287
          for freebsd-security-outgoing; Wed, 12 Aug 1998 12:55:01 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA29266
          for <freebsd-security@FreeBSD.ORG>; Wed, 12 Aug 1998 12:54:53 -0700 (PDT)
          (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
	by aniwa.sky (8.8.7/8.8.7) with SMTP id HAA00455;
	Thu, 13 Aug 1998 07:52:28 +1200 (NZST)
	(envelope-from andrew@squiz.co.nz)
Date: Thu, 13 Aug 1998 07:52:28 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Brett Glass <brett@lariat.org>
cc: Marius Bendiksen <Marius.Bendiksen@scancall.no>,
        freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
In-Reply-To: <199808121812.MAA01183@lariat.lariat.org>
Message-ID: <Pine.BSF.3.96.980813074720.174A-100000@aniwa.sky>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 12 Aug 1998, Brett Glass wrote:

> Date: Wed, 12 Aug 1998 12:04:54 -0600
> From: Brett Glass <brett@lariat.org>
> To: Marius Bendiksen <Marius.Bendiksen@scancall.no>
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: UDP port 31337
> 
> If no one was listening, it wouldn't be a problem.
> 
> Only an attacker who INTENDED to invade your systems would be subject to
> crashes due to the response. And would deserve it.

Every so often I get a couple of packet fragments arive from from some
location or other to an apparently randomn port.  Could be I'm wrong, and
there could be more pattern to it than I've noted, but so far I've assumed
that this is a damaged packet, and wasn't necessarily supposed to go to
where it did.  I haven't looked at packet contents.

If this is the likely explanation (feedback welcome) then it underlines
the need for a reasonably robust trigger for any action that has
potentially dangerous consequences.

If the retaliation was an exploit of a bug in the BO client though then I
could be tempted to run it.

Andrew





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message