[6675] in bugtraq
Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER
daemon@ATHENA.MIT.EDU (jtb)
Tue May 5 16:46:01 1998
Date: Tue, 5 May 1998 12:10:25 -0400
Reply-To: jtb <jtb@PUBNIX.ORG>
From: jtb <jtb@PUBNIX.ORG>
X-To: Mark Morgan <mgm@GXN.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199805051001.LAA12021@diamond.xara.net>
That won't work either, as the advisory said that any ip address on the
Class C would do the trick. This will however stop script kids from just
compiling and running the exploit, however if you really want to stop all
further successful exploits, you'll have to put in a ruleset to deny
packets from the entire class c.
On Tue, 5 May 1998, Mark Morgan wrote:
> We've found that putting 194.246.40.42 into the ip ban list on the server does
> NOT work for this exploit, using Jeff's exploit for this. Instead, we had to
> us ipfwadm, to block incoming packets from this site, which did the trick(this
> being under Linux).
>
> Mark Morgan
> Network Operations,
> GI/GX Networks.
>
