ABfrag followup / WITHOUT ATTACHMENT

From: daniel.roberts@hushmail.com
Date: 10/24/02


Date: Thu, 24 Oct 2002 07:38:36 -0700
To: bugtraq@securityfocus.com, incidents@securityfocus.com, vuln-dev@securityfocus.com


-----BEGIN PGP SIGNED MESSAGE-----

Greetings again,
Due to legal restrictions in the ABfrags output the Securityfocus staff are
refusing to distribute the binary on any of their lists and I do not have the
time or patience to reply to each respondent individually.
It is quite frankly staggering to see politics playing such a role in the
security of my organization's infrastructure.
If anybody could email offering a _PUBLIC_ place for the distribution of this
binary (it seems to be all over several IRC networks and I have received two
other reports of similar compromise from subscribers to these lists) then I
will be more than happy to provide you with it.

The behaviour that triggered my IDS was rapidly mounting unsequenceable seq
numbers in the TCP stream. There seemed to be a backlog of unsent traffic
from my gateway box causing a rise in the size of the TCP queue in one of
the internal unrouted machines - also a Linux (2.4.17).
Unfortunately a non-disclosure agreement I have signed with my current
employers prohibits me from releasing any IDS logs or even the location
of the network - I am probably sailing a bit close to the wind as it is.

As for the gateway machine itself; it was running no server processes and
has very little client activity - only the occasional reboot or reconfiguration.
We had installed the 'grsec' security patch and had enabled non-executable
user pages as a precaution against intrusion. Due to performance hits, however,
we had not enabled ET_DYN or non-executable kernel pages.

Again a very big thank you to all those who have responded, I will try
to get a personal reply to you all as soon as possible. However, as I'm
sure you can appreciate my current schedule is somewhat hectic.

Yours,
Daniel Roberts
Head Network Manager

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wmMEARECACMFAj22txocHGRhbmllbC5yb2JlcnRzQGh1c2htYWlsLmNvbQAKCRBLfvv8
SUo/d09uAKCjR2r697zsAKYpCo+5hT8eS2BakwCgvD954VHzuQpQo1a9oAqJPDQY5Nw=
=7jva
-----END PGP SIGNATURE-----
