daniel.roberts_at_hushmail.com
Date: Thu Oct 24 2002 - 09:38:36 CDT

    -----BEGIN PGP SIGNED MESSAGE-----

    Greetings again,
    Due to legal restrictions in the ABfrags output the Securityfocus staff are
    refusing to distribute the binary on any of their lists and I do not have the
    time or patience to reply to each respondent individually.
    It is quite frankly staggering to see politics playing such a role in the
    security of my organization's infrastructure.
    If anybody could email offering a _PUBLIC_ place for the distribution of this
    binary (it seems to be all over several IRC networks and I have received two
    other reports of similar compromise from subscribers to these lists) then I
    will be more than happy to provide you with it.

    The behaviour that triggered my IDS was rapidly mounting unsequenceable seq
    numbers in the TCP stream. There seemed to be a backlog of unsent traffic
    from my gateway box causing a rise in the size of the TCP queue in one of
    the internal unrouted machines - also a Linux (2.4.17).
    Unfortunately a non-disclosure agreement I have signed with my current
    employers prohibits me from releasing any IDS logs or even the location
    of the network - I am probably sailing a bit close to the wind as it is.

    As for the gateway machine itself; it was running no server processes and
    has very little client activity - only the occasional reboot or reconfiguration.
    We had installed the 'grsec' security patch and had enabled non-executable
    user pages as a precaution against intrusion. Due to performance hits, however,
    we had not enabled ET_DYN or non-executable kernel pages.

    Again a very big thank you to all those who have responded, I will try
    to get a personal reply to you all as soon as possible. However, as I'm
    sure you can appreciate my current schedule is somewhat hectic.

    Yours,
    Daniel Roberts
    Head Network Manager

    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify

    wmMEARECACMFAj22txocHGRhbmllbC5yb2JlcnRzQGh1c2htYWlsLmNvbQAKCRBLfvv8
    SUo/d09uAKCjR2r697zsAKYpCo+5hT8eS2BakwCgvD954VHzuQpQo1a9oAqJPDQY5Nw=
    =7jva
    -----END PGP SIGNATURE-----
