From owner-freebsd-stable Mon May 3 20:43:21 1999 Delivered-To: freebsd-stable@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id AE95A1579B; Mon, 3 May 1999 20:43:17 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id UAA30990; Mon, 3 May 1999 20:42:48 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) To: Mike Smith Cc: Seth , freebsd-stable@FreeBSD.ORG, security@FreeBSD.ORG, jamie@exodus.net Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd) In-reply-to: Your message of "Mon, 03 May 1999 18:40:30 PDT." <199905040140.SAA01305@dingo.cdrom.com> Date: Mon, 03 May 1999 20:42:48 -0700 Message-ID: <30986.925789368@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I have to say that Jamie really let us down by not running a raw > tcpdump alongside the second targetted machine here. Any chance of > provoking these people into "demonstrating" the exploit on a machine, > while another connected to the same wire is running I'd say he or whomever first reported this to bugtraq let us down even more by releasing an "advisory" in such an unknown and unverifyable state. By doing so, all they've done is hand ammunition to the FUD corps and given us no reasonable chance to respond since the advisory is so content-free as to be completely worthless. Saying that "you saw something crash the box" is like telling the highway patrol that you "saw a stranded motorist somewhere between San Francisco and New York (and oh yeah, it was on a road!)" - what the hell are they supposed to do with a report like that? Auditing the entire operating system in search of such a reboot bug would be about as effective (and practical) as trying to search the entire U.S. highway system from coast to coast. If we want to actually achieve something with these little security alerts (other than to get people to stop reading them because they cry "Wolf!" all the time), we need to do a lot better than this. This didn't even meet the most minimal standards for competence I'd expect from someone in this industry. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message