Re: TCP Resource Exhaustion Attacks

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry to butt in, especially if somebody is working on a reply to this
already, but come on.

Robert E. Lee wrote:
> As long as the vendors are working with us, we see no compelling  
> reason to appease the internet security research community as a whole  
> with full disclosure details.  That doesn't help anyone at this point,  
> so the "put up or shut up" line of reasoning comes off as silly.

If the vendors are working with you, what compelling reason do you have to
tell the internet security research community as a whole that you can
basically pwn any implementation out there and apparently any devices in
between you and the target without giving any real details?  Doing something
like that doesn't help anyone (else), so it comes off as silly.

> Robert

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSOoSAv9K37xXYl36AQIzNw//cqaEWXurvFzDeT1PWz4B4UHxHtY06YOk
txiP+64M2NcDEZhu73rOIXu2WqOQ4AwuGZcpphvFzYOuOEzNDrT3f7G1a2yZ+kL0
yW1OetpC5Fu9jsJIS8pbCKmsvoOJhnFMAI7mAuFFkwTFmSRJsQLc0e4pdbwYRpgm
ola81/Pd1xe3TAzWdBPUBpwGZEOpqrVIg4l7viZKFh7IQtY0lHinTmb+G8VG1943
VICbbRCWUNNRxcV2o9GKBa3QNhQTm2XZ4NjGn2/Kh9HcNGT3rXsBmX+oETJVuUCu
QqYLzfHAtN5JC1lfRjU2wg3fyOtmwRSajdg0mMc6o3x0Tj4DtljnVqx7O+us5xsN
8rWeXbt7K+NqF1xuBVsJfiLIPzUOhXf+udhH+OQBboqOejhTnbqVY7COYwJy5I3C
LeSUfDjwS3iNmKD8c3pvA+A/LE+P4ttqVw91YLxoYeYpFlWh7vQroV3YRgnkb4CN
7g09oAlkAMSdxWT/JXFWOGWKjkEJvisPx7XAjPNBGG1+Re/9j0i5SafRRc67nJcE
XzicvbFX0nlBOzSkJdtLcczI8FIjmaAWf8mURx1aHjqD6hwzp9j9m8jEgZAFxhUl
Jt2t1Z0hgXPIg58OEwlLFRTlnIm4R5d2i1C0RbxkwraimEtb4zBhEcBOjzKbOCJO
KGc9S498sPk=
=hdSg
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org