tcpdump mailing list archives
Re: tcpdump.org mirrors
From: "Joseph W. Shaw II" <mrman () darkside org>
Date: Wed, 13 Nov 2002 10:23:33 -0600 (CST)
On Thu, 14 Nov 2002, Grant Bayley wrote:
I run the main mirror of tcpdump at wiretapped.net (no relation to wiretapped.us) in Australia. We rsync from cvs.tcpdump.org, and have removed the entire tcpdump.org tree and disabled rsync updates until we hear from Michael Richardson at tcpdump.org. You may like to add this info to your Updates area, as the unavailability of the main mirror site may seem suspicious. It is not, as described above. Because wiretapped.net itself is mirrored to a few other sites, it may take between 1 hour and 24 hours for this removal (and any subsequent re-addition) to take effect. We'll note when it goes back online at http://www.wiretapped.net/changelog.html
I sent a notification to Michael at 2:30 am this morning when the HLUG guys informed me. While I wrote the tcpdump.org page, I don't have any admin rights to the server so there's nothing I can do to change anything on it. Until Michael finds himself aware of this issue, all mirrors should remove their source packages until further notice. Checking CVS, it looks like only the source tarballs were trojaned, not the CVS entries for the affected files. configure 1.35 and gencode.c 1.180 for libcap and configure 1.91 from tcpdump all checkout clean for the backdoor. Removing the CVS trees mirrors may be a bit premature, but being paranoid myself I can certainly understand erring on the side of caution. If you've installed libpcap 0.7.1 and/or tcpdump 3.7.1 from source tarballs obtained from tcpdump.org, please check gencode.c from libpcap source and configure from both libpcap and tcpdump. In configure you'll be looking for these two lines (3353-3354 in the tcpdump source): CNF="services" URL="mars.raketti.net/~mash/$CNF" If you can verify that they are or are not trojaned in your source tarballs and give the date/time you downloaded them and forward that to me I would appreciate it. It will help us track down when this happened. Like everyone else, I'm waiting to hear from Michael. Regards, -- Joseph W. Shaw, II - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- tcpdump.org mirrors Grant Bayley (Nov 13)
- Re: tcpdump.org mirrors Joseph W. Shaw II (Nov 13)
- Re: tcpdump.org mirrors Michael Richardson (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors mlh (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors Michael Richardson (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors Grant Bayley (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors Grant Bayley (Nov 18)
- Re: tcpdump.org mirrors Michael Richardson (Nov 18)
- Re: tcpdump.org mirrors Grant Bayley (Nov 18)
- Re: tcpdump.org mirrors Joseph W. Shaw II (Nov 13)