Bugtraq mailing list archives
Re: IP Spoofing and Vendors' attitude
From: mark () zang kcc hawaii edu (Mark)
Date: Thu, 26 Jan 1995 12:43:25 -1000 (HST)
that it took so long before someone actually started exploiting the problem.
How long did it take? When was the first time it was used?
It is pretty sad that you have to have enough hackers exploiting a problem before these security vulnerabilities are addressed and it is unfortunate that many vulnerabilities are kept quiet by vendors till enough customers have been abused and someone finally speaks out.
[crap deleted] The only reason I can see that its become an issue now is because Shimora was the only one to spot it because he has logging up the kazoo and SFSU admins willing to sit there on Xmas eve and read logs. There have been several accounts of the incident and all of them indicate the victim was intelligent enough to realise that even though his machines were among the best protected around, there will always be a technique to defeat his security. So he logged his wires and although he couldnt stop the incident, his skills were such that he could piece together an audit trail and identify the holes that had been exploited. Personally I would have loved to have been at the conference when he announced it, it would have been a very interesting discussion, much more than the junk we're reading now. The moral of last years events is to be vigilant and dont assume. Mark
Current thread:
- Re: Recent troubles der Mouse (Jan 24)
- Re: Recent troubles Darren Reed (Jan 24)
- preventing sequence number guessing David A. Wagner (Jan 24)
- Re: preventing sequence number guessing Darren Reed (Jan 24)
- accpet(3n) under SOlaris 2.4 Jas (Jan 25)
- Re: accpet(3n) under SOlaris 2.4 Casper Dik (Jan 25)
- Re: preventing sequence number guessing Timothy Newsham (Jan 25)
- IP Spoofing and Vendors' attitude Christopher Klaus (May 12)
- Re: IP Spoofing and Vendors' attitude Oliver Friedrichs (Jan 25)
- Re: IP Spoofing and Vendors' attitude Mark (Jan 26)
- Re: preventing sequence number guessing David A. Wagner (Jan 25)
- Re: preventing sequence number guessing Perry E. Metzger (Jan 25)
- <Possible follow-ups>
- Re: Recent troubles der Mouse (Jan 25)