[lug] TSIG overflow
charles at lunarmedia.net
Wed Feb 28 17:19:51 MST 2001
>
> I'm forced to wonder why they want you to demonstrate the exploit. Are
> they planning on trying to make use of it, or do they not believe you
> that it's possible?
>
your wonder is the reason why i started my first post the way
i did. the clients i am dealing with host a myriad of sites on
several linux boxes which were extremely out of date. i am not
really certain if they are in the mood of "prove it!" or hope
to use the same exploit on someone else. they've come threatening
that it was our network's security that left them vulnerable,
and they are planning on pulling their service if we can't
prove otherwise. i've pointed them to the docs on cert, but i'm
dealing with a very hard-headed group.

i have no plans of putting the code into their hands, but i'm
not willing to let their monthly revenue leave the company on
account of this request. if they had asked for the code, i would
question their motive. right now, i think they are in a bit of
shock, and have never really seen a box compromised. if i could
tell you their root password, you'd understand that these guys
aren't techies that got into business, but business grads that
got into tech.

i can understand the hesitation and the raised eyebrows concerning
the question, but i'm a network/linux admin working for a legit
company that needs to prove a point. i appreciate the concern and
would probably have the same reaction.

regards, -cjm