Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER

From: jtb (jtbat_private)
Date: Tue May 05 1998 - 09:10:25 PDT

Next message: Efrain Torres - Estudiante General: "[MORE] Lynx's 2.x buffers overflows"

Previous message: Pavel Kankovsky: "Re: TOG and xterm problem"
Maybe in reply to: mea culpa: "RSI.0001.05-01-98.ALL.QUAKE_SERVER"
Next in thread: Christian Antkow: "Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

That won't work either, as the advisory said that any ip address on the
Class C would do the trick.  This will however stop script kids from just
compiling and running the exploit, however if you really want to stop all
further successful exploits, you'll have to put in a ruleset to deny
packets from the entire class c.

On Tue, 5 May 1998, Mark Morgan wrote:

> We've found that putting 194.246.40.42 into the ip ban list on the server does
> NOT work for this exploit, using Jeff's exploit for this.  Instead, we had to
> us ipfwadm, to block incoming packets from this site, which did the trick(this
> being under Linux).
>
> Mark Morgan
> Network Operations,
> GI/GX Networks.
>

Next message: Efrain Torres - Estudiante General: "[MORE] Lynx's 2.x buffers overflows"
Previous message: Pavel Kankovsky: "Re: TOG and xterm problem"
Maybe in reply to: mea culpa: "RSI.0001.05-01-98.ALL.QUAKE_SERVER"
Next in thread: Christian Antkow: "Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:12 PDT