On Tue, 12 Sep 1995, Jay 'Whip' Grizzard wrote: > I saw the "pmcrash" program, but I never saw the commentary on it that > was supposedly sent before the exploit was sent. Anyone know the details > of how it works? (other than the obvious explenation provided by reading > the source...) It was simply to telnet to the portmaster and send the break character. This would cause the PM to reboot. > I, personally, can't understand such a passive attitude on the part of > Livingston -- I personally would call a bug where you can crash virtually > anyone's network connection, from virtually anywhere in the world, to be > a major bug. Maybe it's just me... I am on the portmasters mailing list as well, and a representative from Livingston said he "considered it a feature and not a bug". I find this hard to believe too, and have been complaining about it to all those around me for several days! > ObBugTraq: Apparently (at least, under limited testing), putting up a filter > to prevent folks from getting to your login port from the outside world > will protect you -- Except I don't _want_ to have to start filtering things > out, and in some circuimstances (backbone routers, etc), it's not exactly > a viable option. Do YOU want to have the bandwith of several T1's all > running through a filter before they get off the router? No, thanks... Another solution is to change the telnet port for the PM. Its not a permanent solution, but it would stop those would-be crackers that just try to telnet to the PM, not knowing the correct port number. Phillip Moore office: 601.952.1570 Internet Doorway, Inc. fax : 601.952.1573 Systems Administrator www : http://www.netdoor.com/