From owner-freebsd-questions Thu Jul 26 22:43:14 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id 870A937B407 for ; Thu, 26 Jul 2001 22:43:11 -0700 (PDT) (envelope-from tedm@toybox.placo.com) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f6R5gn850938; Thu, 26 Jul 2001 22:42:50 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Kris Kennaway" Cc: "Shawn Ramsey" , Subject: RE: telnetd problem? Date: Thu, 26 Jul 2001 22:42:49 -0700 Message-ID: <004f01c1165e$f8a22f80$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <20010726040113.A41239@xor.obsecurity.org> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The way he posted it I read it as immediately after applying the patches that telnetd started having problems. That would point to a patch being the problem, it would be far too coincidental for him to have made his patches precisely as a large scale attack started on the Internet. But I agree that you could read it differently in that it could be that the problem started not immediately but just right around that time, in which case your correct in that he would need to temporarily replace his new telnetd with the old one to see if the problems went away in order to get an exact pinpoint. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: Kris Kennaway [mailto:kris@obsecurity.org] >Sent: Thursday, July 26, 2001 4:01 AM >To: Ted Mittelstaedt >Cc: Kris Kennaway; Shawn Ramsey; questions@FreeBSD.ORG >Subject: Re: telnetd problem? > > >On Thu, Jul 26, 2001 at 02:24:06AM -0700, Ted Mittelstaedt wrote: >> That's a bandaid. He stated that the problem wasn't happening until >> he updated to the new code, so obviously a patch they put into the >> telnetd broke something. > >No, Ted, that's not obvious. Exploitation of this problem has become >much more widespread since the public distribution of the exploit code >yesterday. The poster hasn't shown that there's a problem >inconsistent with lots of people throwing data at his telnetd trying >to exploit it. > >Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message