Bugtraq mailing list archives
Re: updated Bindview NAPTHA advisory
From: Alfred Perlstein <bright () WINTELCOM NET>
Date: Tue, 19 Dec 2000 18:52:46 -0800
* Bob Keyes <bkeyes () MAIL BOS BINDVIEW COM> [001219 16:36] wrote:
The NAPTHA DoS vulnerabilities Issue Date: 30 November 2000 Updated: 18 December 2000 Contact: Robert Keyes Topic: Network DoS vulnerabilities Overview: A set of network DoS vulnerabilities has been discovered, and the name NAPTHA is being used to describe them as a group. The NAPTHA vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection.
I thought this was already exposed as a pretty stupid vulnerability. You need local net access or you must reveal your identity for this attack to work (send packets with a true source address). This is also just another rehash of an old program called "octopus", just that it requires less resources to run. I can't believe you guys are still trying to gain attention with this bogus "vulnerability". References (you'll laugh): http://docs.freebsd.org/cgi/getmsg.cgi?fetch=111311+0+archive/2000/freebsd-security/20001210.freebsd-security http://docs.freebsd.org/cgi/getmsg.cgi?fetch=157312+0+archive/2000/freebsd-security/20001210.freebsd-security Lastly the flooding on the ssh port should have been fixed since at least FreeBSD 4.1.1 which is several months old. bye! -- -Alfred Perlstein - [bright () wintelcom net|alfred () freebsd org] "I have the heart of a child; I keep it in a jar on my desk."
Current thread:
- updated Bindview NAPTHA advisory Bob Keyes (Dec 19)
- Re: updated Bindview NAPTHA advisory Alfred Perlstein (Dec 20)
- Re: updated Bindview NAPTHA advisory Bob Keyes (Dec 20)
- Re: updated Bindview NAPTHA advisory Michal Zalewski (Dec 20)
- Re: updated Bindview NAPTHA advisory stanislav shalunov (Dec 20)
- Re: updated Bindview NAPTHA advisory Alfred Perlstein (Dec 20)