Bugtraq mailing list archives
Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER
From: jtb () PUBNIX ORG (jtb)
Date: Tue, 5 May 1998 12:10:25 -0400
That won't work either, as the advisory said that any ip address on the Class C would do the trick. This will however stop script kids from just compiling and running the exploit, however if you really want to stop all further successful exploits, you'll have to put in a ruleset to deny packets from the entire class c. On Tue, 5 May 1998, Mark Morgan wrote:
We've found that putting 194.246.40.42 into the ip ban list on the server does NOT work for this exploit, using Jeff's exploit for this. Instead, we had to us ipfwadm, to block incoming packets from this site, which did the trick(this being under Linux). Mark Morgan Network Operations, GI/GX Networks.
Current thread:
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Nick (May 01)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Mark Morgan (May 05)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER jtb (May 05)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Christian Antkow (May 05)
- 3Com switches - undocumented access level. Eric Monti (May 05)
- xterm and Xaw library vulnerability (XFree86 advisory) David Dawes (May 05)
- Re: xterm and Xaw library vulnerability (XFree86 advisory) David Dawes (May 06)
- Fix for Quake Servers dizzy (May 05)
- Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER Mark Morgan (May 05)