Our product detected the attack as a 'connection flood' which is basically
where you open up lots of connections to a server and leave them idle. This
causes the server to have lots of open connections so that it reaches its
maximum connection limit and therefore nobody else can access the site
Oh! One of the blue-haired elite dudes from IRC posted an advisory without a
single buffer overflow or format string bug! The world goes under!
After all, it is SO much harder to use egrep(1) to find problems with strcpy()
in C code than it is to use egrep(1) to find problems in echo statements
At least I got a DIALOG with a request to run a script marked safe for
scripting. [note to self; dumb user; clicks aren't for kids]
When I clicked the yes button, lo and behold,
a brand new freaking cup holder emerged :-)
I always thought it was a Nestle ice cream drumstick holder great for when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 07.11.03:
http://www.idefense.com/advisory/07.11.03.txt
Win32 Message Vulnerabilities Redux
July 11, 2003
About one year ago, Chris Paget published a pair of papers that
described fundamental flaws in the way the Microsoft
Sorry but I disagree. Firewalls don't defend against connection floods
(naptha type attacks) very well at all.
Take Cisco PIX as an example which has a setting where you can limit the
maximum connection rate and the number of connections. The connection rate
for the attack is quite low so this
-BEGIN PGP SIGNED MESSAGE-
Hi there,
Firstly, I've only just subscribed to full-disclosure having been
forwarded the iDefense paper by my colleagues here at NGSSoftware.
Apologies if I've missed some important parts of the discussion and
am repeating what may have been said already.
-Original Message-
From: Dimitris Chontzopoulos [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 15:19
To: 'Gareth Blades'
Subject: RE: [Full-Disclosure] RE: Attack profiling tool?
Sorry but I disagree. Firewalls don't defend against connection floods
(naptha type attacks)
What I find really sad is that this silly exchange is being done on a list
that supposedly has to do with disclosures related to security. Not your
egos, seemingly low self esteem and/or lack of life as it now looks like.
If you don't want to appear to be some immature child don't speak like
This might be testing of a new tool/toy in development, and might
explain the icmp traffic your original posting of the packet traces
provided.
Thanks,
Ron DuFresne
On Fri, 11 Jul 2003, Gareth Blades wrote:
-Original Message-
From: Dimitris Chontzopoulos [mailto:[EMAIL
As to which tool is enacting the syn flood, it could be one of many, there
are quite a few tools that can do syn flood attacks, which these appear to
be. What is interesting also are the ICMP's that were displayed as
well...
But, to point directly as some tool/toy that is being used, you'd
On Fri, 11 Jul 2003 01:10:19 +0200, Knud Erik Højgaard [EMAIL PROTECTED] wrote:
We all know that the AV-industry is living on loaned time. Soon (hopefully)
people will realise the need for a safe (read, no interactivity, just
text) mail client. That would be a nice start.
You mean like this
On Fri, 11 Jul 2003 01:10:19 +0200, Knud Erik Højgaard [EMAIL PROTECTED] wrote:
We all know that the AV-industry is living on loaned time. Soon (hopefully)
people will realise the need for a safe (read, no interactivity, just
text) mail client. That would be a nice start.
On Fri, 11 Jul 2003
-Original Message-
From: Ron DuFresne [mailto:[EMAIL PROTECTED]
Sent: 11 July 2003 17:37
To: Gareth Blades
Cc: Fulldisclosure
Subject: RE: [Full-Disclosure] RE: Attack profiling tool?
As to which tool is enacting the syn flood, it could be one of many, there
are quite a few
- Original Message -
From: Andreia Gaita [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 11, 2003 7:25 PM
Subject: OT: Re: [Full-Disclosure] The incredible intolerance of Knud
[snip]
Just my 2 (off-topic) cents.
To throw in another 0.0456 euros's, as of IE6 SP1,
On Fri, 11 Jul 2003 21:49:39 +0100, Nexus wrote:
as of IE6 SP1, Outlook Express
does text only emails as well. Personally, I think HTML email is *evil*
but that's just me ;-)
http://support.microsoft.com/?kbid=291387
Wow, finally! I was wondering when they were going to realize email
contains,
SINTRAQ, is a security mailing list which informs subscribers about the
latest security vulnerabilities 24x7x365. Subscription to SINTRAQ is
completely free.
Sintelli collates and consolidates information from hundreds of sources,
providing users with a single source for all security
At 11:32 PM 7/11/03 +0100, SINTRAQ wrote:
Note: This is a high volume mailing list and
all emails are in HTML format.
^^
Had me interested until I got to this part.
m5x
___
Full-Disclosure - We believe in it.
Charter:
nice try, but no prize.
If you haven't been aware HTML doubles the size of the message.
As for the 'single source' that's got to be a joke, no?
Ingo
On Fri, 11 Jul 2003 23:32:48 +0100
SINTRAQ [EMAIL PROTECTED] wrote:
Note: This is a high volume mailing list and all emails are in HTML
format.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The first documented Windows message based privilege escalation attacks
predated Shatter by over a year. WM_TIMER was not the first, it was
WM_COPYDATA.
http://www.atstake.com/research/advisories/2001/a020501-1.txt
(loper)
-BEGIN PGP