[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSH: What went wrong?
In some mail from Philipp Buehler, sie said:
> On 29/06/2002, Darren Reed <firstname.lastname@example.org> wrote Cc email@example.com:
> > > I'm the last person to defend Theo, but I have to ask. Has your code been
> > > audited for integer overflows yet? Of course, you had the whole format
> > > string bug issue taken care of well before they became popular, right?
> > Since you've asked, I'll answer. I didn't worry about the format string
> > problem when it became popular because I don't believe any of my code was
> > written in such a way that it was a problem. As for integer overflows,
> You believe? That's an outstanding process. I expect that you'll
> change this.
> I guess you have been believing that ipf was not vulnerable to
> fragrouter? What has been wrong in your process? At the point of
> time ipf was reported to be vulnerable, this was not a 'new class of
> bugs'. What does your audit-track-log say? You have one, dont you?
Maybe I'm being really dense here, but what does fragrouter
have to do with IPFilter ? IPFilter is not a NIDS.
What is fragrouter?
Fragrouter is a network intrusion detection evasion toolkit. It
implements most of the attacks described in the Secure Networks
"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion
Detection" paper of January 1998.