lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 14 Sep 2005 07:11:16 -0700
From: "Ferguson, Justin (IARC)" <FergusonJ@...doe.gov>
To: "'purplebag@...il.com'" <purplebag@...il.com>,
	"Ferguson, Justin (IARC)" <FergusonJ@...doe.gov>
Cc: "Martin Roesch" <roesch@...rcefire.com>,
	snort-devel@...ts.sourceforge.net, snort-users@...ts.sourceforge.net,
	bugtraq@...urityfocus.com
Subject: RE: [Snort-devel] Re: Snort DoS Fallacies


> good lord you fame mongering whores really need to get some skill. 

Aren't you just capitalizing on it yourself?

>Personally I try to make sure I am actually looking at the right code
>before I spout off. Then I take the time to verify what I believe.
>This shit is simply foolish. Of course I never disclose what I find so
>it doesn't matter for me.

Blackhat has just become another term for 'hasn't done anything'

>A DOS in a non critical component without any chance of remote code
>execution is hardly worth this intellectual fart.

Non-critical to who? You? Believe it or not, some people, gasp, actually do
use ASCII logging.

>Maybe I got my CVS checkout from the wrong server or something but I
>can't find more than one call in the snapshot I have
>
>...snort-2.4.0/src/preprocessors $ grep PrintIPPkt spp_frag3.c 
>        PrintIPPkt(stdout, defrag_pkt->iph->ip_proto, defrag_pkt);
>

Maybe, I grabbed my snapshot from snort.org, and as of my last email you
could find it there to. 

>Ultimately It seems that he was right and you were wrong so perhaps
>you need to check your attitude and code at the door.

Oops, mistake on your part, its okay though I understand that we can't all
be so bright as to get our sources from snort.org, and I'm used to dealing
with ignorant and rude people, I do after all live in Vegas.

The rest really isn't worth replying to, PHC spawned a million idiots like
you running around pretending to be blackhats with cool netmasks like
'whiteh8.net', never actually doing anything and hiding behind the guise
that you don't believe in disclosure to cover the fact that you haven't
written nor found any exploits, and in the end you end up being just as bad
as (most of) the whitehats, useless and ignorant.



J. Ferguson
Intrusion Analyst
NNSA Information Assurance Response Center 
fergusonj@...doe.gov



















> 
> >BTW, you missed that we also call PrintTCPHeader in spo_alert_full.c,
> >which is actually done in the default config case, so this is
> >something you might want to worry about if you're using full alerting
> >for whatever reason.  For the record, the recommended alerting modes
> >for a production sensor are unified, syslog or database.
> 
> Thank you for adding to my point. This makes what 3 possible routes of
> execution + the -v route for a total of 4 without debugging, and 6 if
> debugging was to be enabled. Still quite a long ways from the 'only if you
> are using -v'.

So basically your point is you don't have a clue, are a superfluous
twit, incompetent fame whore, and chump?

Perhaps you just sit in your chair masturbating to captured porn all
day and that is why you didn't have time to verify your specious shit.
Give me your address and I will send you the lapjuicer so you can at
least make a profit when you and your buddies get together.

http://3eyes.co.uk/views/public/?doc=Lapjuicer

Just my personal grumpy thoughts of the moment.


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-devel mailing list
Snort-devel@...ts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users@...ts.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ