Re: Livingston bugs...

[phil () netdoor com (Phillip Moore)]

On Tue, 12 Sep 1995, Jay 'Whip' Grizzard wrote:

> I saw the "pmcrash" program, but I never saw the commentary on it that
> was supposedly sent before the exploit was sent. Anyone know the details
> of how it works? (other than the obvious explenation provided by reading
> the source...)

It was simply to telnet to the portmaster and send the break character.
This would cause the PM to reboot.

> I, personally, can't understand such a passive attitude on the part of
> Livingston -- I personally would call a bug where you can crash virtually
> anyone's network connection, from virtually anywhere in the world, to be
> a major bug. Maybe it's just me...

I am on the portmasters mailing list as well, and a representative from
Livingston said he "considered it a feature and not a bug".  I find this
hard to believe too, and have been complaining about it to all those around
me for several days!


> ObBugTraq: Apparently (at least, under limited testing), putting up a filter
> to prevent folks from getting to your login port from the outside world
> will protect you -- Except I don't _want_ to have to start filtering things
> out, and in some circuimstances (backbone routers, etc), it's not exactly
> a viable option. Do YOU want to have the bandwith of several T1's all
> running through a filter before they get off the router? No, thanks...

Another solution is to change the telnet port for the PM.  Its not a
permanent solution, but it would stop those would-be crackers that just try
to telnet to the PM, not knowing the correct port number.

Phillip Moore           office: 601.952.1570
Internet Doorway, Inc.  fax   : 601.952.1573
Systems Administrator   www   : http://www.netdoor.com/