Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 Jul 2001 22:42:49 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Kris Kennaway" <kris@obsecurity.org>
Cc:        "Shawn Ramsey" <shawn@megadeth.org>, <questions@FreeBSD.ORG>
Subject:   RE: telnetd problem?
Message-ID:  <004f01c1165e$f8a22f80$1401a8c0@tedm.placo.com>
In-Reply-To: <20010726040113.A41239@xor.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help
The way he posted it I read it as immediately after applying the
patches that telnetd started having problems.  That would point to
a patch being the problem, it would be far too coincidental for
him to have made his patches precisely as a large scale attack
started on the Internet.  But I agree that you could read it
differently in that it could be that the problem started not
immediately but just right around that time, in which case your
correct in that he would need to temporarily replace his new
telnetd with the old one to see if the problems went away in
order to get an exact pinpoint.


Ted Mittelstaedt                                       tedm@toybox.placo.com
Author of:                           The FreeBSD Corporate Networker's Guide
Book website:                          http://www.freebsd-corp-net-guide.com


>-----Original Message-----
>From: Kris Kennaway [mailto:kris@obsecurity.org]
>Sent: Thursday, July 26, 2001 4:01 AM
>To: Ted Mittelstaedt
>Cc: Kris Kennaway; Shawn Ramsey; questions@FreeBSD.ORG
>Subject: Re: telnetd problem?
>
>
>On Thu, Jul 26, 2001 at 02:24:06AM -0700, Ted Mittelstaedt wrote:
>> That's a bandaid.  He stated that the problem wasn't happening until
>> he updated to the new code, so obviously a patch they put into the
>> telnetd broke something.
>
>No, Ted, that's not obvious.  Exploitation of this problem has become
>much more widespread since the public distribution of the exploit code
>yesterday.  The poster hasn't shown that there's a problem
>inconsistent with lots of people throwing data at his telnetd trying
>to exploit it.
>
>Kris
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004f01c1165e$f8a22f80$1401a8c0>