mailing list archives
From: elfchief () lupine org (Jay 'Whip' Grizzard)
Date: Tue, 12 Sep 1995 10:58:01 -0700
I saw the "pmcrash" program, but I never saw the commentary on it that
was supposedly sent before the exploit was sent. Anyone know the details
of how it works? (other than the obvious explenation provided by reading
I talked to livingston via email, they indicated that this problem
has already been fixed for the "portmaster" products, but that for
other products (the IRX routers, etc), a fix would be present in
_the next major release of the software_. Given that livingston has just
done a major release of their software, I wonder how long it's going to
be until I can get fixed software.
I, personally, can't understand such a passive attitude on the part of
Livingston -- I personally would call a bug where you can crash virtually
anyone's network connection, from virtually anywhere in the world, to be
a major bug. Maybe it's just me...
ObBugTraq: Apparently (at least, under limited testing), putting up a filter
to prevent folks from getting to your login port from the outside world
will protect you -- Except I don't _want_ to have to start filtering things
out, and in some circuimstances (backbone routers, etc), it's not exactly
a viable option. Do YOU want to have the bandwith of several T1's all
running through a filter before they get off the router? No, thanks...
McDonalds looks more and more tempting as a place of employment...