ABfrag followup / WITHOUT ATTACHMENT

From: daniel.robertsat_private
Date: Thu Oct 24 2002 - 07:38:36 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    
    Greetings again,
    Due to legal restrictions in the ABfrags output the Securityfocus staff are
    refusing to distribute the binary on any of their lists and I do not have the
    time or patience to reply to each respondent individually.
    It is quite frankly staggering to see politics playing such a role in the
    security of my organization's infrastructure.
    If anybody could email offering a _PUBLIC_ place for the distribution of this
    binary (it seems to be all over several IRC networks and I have received two
    other reports of similar compromise from subscribers to these lists) then I
    will be more than happy to provide you with it.
    
    The behaviour that triggered my IDS was rapidly mounting unsequenceable seq
    numbers in the TCP stream. There seemed to be a backlog of unsent traffic
    from my gateway box causing a rise in the size of the TCP queue in one of
    the internal unrouted machines - also a Linux (2.4.17).
    Unfortunately a non-disclosure agreement I have signed with my current
    employers prohibits me from releasing any IDS logs or even the location
    of the network - I am probably sailing a bit close to the wind as it is.
    
    As for the gateway machine itself; it was running no server processes and
    has very little client activity - only the occasional reboot or reconfiguration.
    We had installed the 'grsec' security patch and had enabled non-executable
    user pages as a precaution against intrusion. Due to performance hits, however,
    we had not enabled ET_DYN or non-executable kernel pages.
    
    Again a very big thank you to all those who have responded, I will try
    to get a personal reply to you all as soon as possible. However, as I'm
    sure you can appreciate my current schedule is somewhat hectic.
    
    Yours,
    Daniel Roberts
    Head Network Manager
    
    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify
    
    wmMEARECACMFAj22txocHGRhbmllbC5yb2JlcnRzQGh1c2htYWlsLmNvbQAKCRBLfvv8
    SUo/d09uAKCjR2r697zsAKYpCo+5hT8eS2BakwCgvD954VHzuQpQo1a9oAqJPDQY5Nw=
    =7jva
    -----END PGP SIGNATURE-----
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 14:27:50 PDT