mailing list archives
From: jtb () PUBNIX ORG (jtb)
Date: Tue, 5 May 1998 12:10:25 -0400
That won't work either, as the advisory said that any ip address on the
Class C would do the trick. This will however stop script kids from just
compiling and running the exploit, however if you really want to stop all
further successful exploits, you'll have to put in a ruleset to deny
packets from the entire class c.
On Tue, 5 May 1998, Mark Morgan wrote:
We've found that putting 18.104.22.168 into the ip ban list on the server does
NOT work for this exploit, using Jeff's exploit for this. Instead, we had to
us ipfwadm, to block incoming packets from this site, which did the trick(this
being under Linux).