ABfrag followup / WITHOUT ATTACHMENT: msg#00210 security.incidents
Greetings again,

Due to legal restrictions in the ABfrags output the Securityfocus staff are refusing to distribute the binary on any of their lists and I do not have the time or patience to reply to each respondent individually. It is quite frankly staggering to see politics playing such a role in the security of my organization's infrastructure.

If anybody could email offering a _PUBLIC_ place for the distribution of this binary (it seems to be all over several IRC networks and I have received two other reports of similar compromise from subscribers to these lists) then I will be more than happy to provide you with it.

The behaviour that triggered my IDS was rapidly mounting unsequenceable seq numbers in the TCP stream. There seemed to be a backlog of unsent traffic from my gateway box causing a rise in the size of the TCP queue in one of the internal unrouted machines - also a Linux (2.4.17). Unfortunately a non-disclosure agreement I have signed with my current employers prohibits me from releasing any IDS logs or even the location of the network - I am probably sailing a bit close to the wind as it is.

As for the gateway machine itself, it was running no server processes and has very little client activity - only the occasional reboot or reconfiguration. We had installed the 'grsec' security patch and had enabled non-executable user pages as a precaution against intrusion. Due to performance hits, however, we had not enabled ET_DYN or non-executable kernel pages.

Again a very big thank you to all those who have responded, I will try to get a personal reply to you all as soon as possible. However, as I'm sure you can appreciate, my current schedule is somewhat hectic.

Yours,
Daniel Roberts
Head Network Manager