Re: Livingston bugs...

Phillip Moore (phil@netdoor.com)
Tue, 12 Sep 1995 15:47:33 -0500

On Tue, 12 Sep 1995, Jay 'Whip' Grizzard wrote:

> I saw the "pmcrash" program, but I never saw the commentary on it that
> was supposedly sent before the exploit was sent. Anyone know the details
> of how it works? (other than the obvious explanation provided by reading
> the source...)

It was simply to telnet to the portmaster and send the break character.
This would cause the PM to reboot.

> I, personally, can't understand such a passive attitude on the part of
> Livingston -- I personally would call a bug where you can crash virtually
> anyone's network connection, from virtually anywhere in the world, to be
> a major bug. Maybe it's just me...

I am on the portmasters mailing list as well, and a representative from
Livingston said he "considered it a feature and not a bug".  I find this
hard to believe too, and have been complaining about it to all those around
me for several days!


> ObBugTraq: Apparently (at least, under limited testing), putting up a filter
> to prevent folks from getting to your login port from the outside world
> will protect you -- Except I don't _want_ to have to start filtering things
> out, and in some circumstances (backbone routers, etc), it's not exactly
> a viable option. Do YOU want to have the bandwidth of several T1's all
> running through a filter before they get off the router? No, thanks...

Another solution is to change the telnet port for the PM.  It's not a
permanent solution, but it would stop those would-be crackers that just try
to telnet to the PM, not knowing the correct port number.

Phillip Moore           office: 601.952.1570
Internet Doorway, Inc.  fax   : 601.952.1573
Systems Administrator   www   : http://www.netdoor.com/