[16475] in bugtraq
Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet
daemon@ATHENA.MIT.EDU (Jay D. Dyson)
Thu Aug 31 20:33:27 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.GSO.3.96.1000831142857.22070A-100000@crypto>
Date: Thu, 31 Aug 2000 14:41:33 -0700
Reply-To: "Jay D. Dyson" <jdyson@TREACHERY.NET>
From: "Jay D. Dyson" <jdyson@TREACHERY.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <NCBBKFKDOLAGKIAPMILPKENJCGAA.labs@ussrback.com>
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 31 Aug 2000, Ussr Labs wrote:
> Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12
> Vulnerability
I don't typically do this, but I feel I must question the validity
(and even the value) of issuing a DoS advisory on products that are either
in Beta or no-longer-supported.
That a product is in Beta means that the vendor has a distinctly
open-door policy on any bug reports regarding the software. Beta == Bugs.
No surprise there. ...Yet when a product is no longer supported, issuing
a DoS exploit against it isn't only yesterday's news...it's slapping the
jellied *remains* of a dead horse.
And for what it's worth, I made attempts to replicate this
"attack" on systems here. None of them crashed.
- -Jay
( ______
)) .--- "There's always time for a good cup of coffee" ---. >===<--.
C|~~| (>-------- Jay D. Dyson -- jdyson@treachery.net --------<) | = |-'
`--' `-- Encrypt as if your life depends on it. It does. --' `-----'
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBOa7RFdCClfiU/BIVAQEuAgQArsJff5jTeWwJjbR5HeKE5CSuKTE5jAik
y3djx9aeDYhIkaAXdvCFCnBu72qRoFRNFP4ISkt8UTV7N37BpMOyvAm9RWFy3zBx
VSSk6/TOlQ7U63sXqayAUgqy8X5eZSEzGvhaYM3ToKO1I1zzIcvhg1K7VbNLIfeU
sw0JrzN2wBo=
=4V1t
-----END PGP SIGNATURE-----
