Bugtraq mailing list archives
Re: NYT Article this morning
From: perry () imsi com (Perry E. Metzger)
Date: Mon, 23 Jan 1995 08:38:12 -0500
Rens Troost says:
NYT repports this morning that 'IP Spoofing' is being used to subvert sites. Anybody have details?
Yes. Its far worse than mere IP spoofing -- that would only get you in to places which stupidly trust things like .rhosts files. The Times did not accurately describe the scope of the problem. This is a Very Bad Problem. People should legitimately worry about this one. I know this is a full disclosure list, but I was asked when I learned about this several days ago not to divulge details -- I was only told on that condition. I'm trying to get in touch with my informant to get relased from my promise so that I can describe the situation in detail. Having been in the situation of being an administrator worried about such things and not knowing where to turn, I believe in full disclosure. I'll try to post as full a disclosure as I can in a few hours. I will not post code, as I doubt that Joe Hacker can use the description to construct the attack, but you should be able to assess if you are vulnerable without any code to exploit the problem. I'll also note that the problem was described in the open literature some time ago -- the New York Times article accurately notes that two Bell Labs types described this in published papers, which should give those in the know some hints. In any case, CERT intends to publish an advisory today. I suspect that the advisory will not describe how to fully fix the problem. Perry
Current thread:
- Re: NFS packet blocking (Was Mouse EXPLOIT info...), (continued)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Karl Strickland (Jan 22)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Pete Shipley (Jan 22)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Karl Strickland (Jan 22)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Pete Shipley (Jan 22)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Karl Strickland (Jan 23)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Bennett Todd (Jan 23)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Timothy Newsham (Jan 23)
- A quick patch to help against TCP ISN guessing. Darren Reed (Jan 23)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Pete Shipley (Jan 22)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Karl Strickland (Jan 22)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Jas (Jan 22)
- NYT Article this morning Rens Troost (Jan 23)
- Re: NYT Article this morning Perry E. Metzger (Jan 23)
- Solaris 2.3 PPP Jake Hill (Jan 24)
- Recent troubles der Mouse (Jan 24)
- Re: NYT Article this morning Jim Duncan (Jan 24)
- the next generation of nuke.c Oliver Friedrichs (Jan 25)
- the next generation of nuke.c Scott D. Yelich (Jan 26)
- IP_FORWARDING re-enabled? pluvius (Jan 26)
- Re: IP_FORWARDING re-enabled? Pete Shipley (Jan 26)