Subject: Re: rumors about remote *BSD exploits
From: Justin Wojdacki <email@example.com>
Date: 06/17/2002 09:54:30
At least one person mentioned in the chatlogs is stepping forward to
claim it's a hoax:
Subject: Re: openbse rumours
Date: Mon, 17 Jun 2002 11:05:11 -0500 (CDT)
From: pr0ix <firstname.lastname@example.org>
Earlier today, someone calling themselves ``Van Cloude Jandame''
posted a message to VULN-DEV and OpenBSD-misc entitled ``openbse
> (within the rest of them) talking about the 7350-crocodile.c,
> 7350-obsdftpd.c and the 7350-pf.c exploit code by team teso made with
> support of GOBBLES Security, who gave them the advisories.
With the exception of 7350oftpd (which is public), these exploits do
exist. Furthermore, GOBBLES is a deliberate joke played out by some
avid fans of non-disclosure.
> <m0rgan> ./a.out
> <m0rgan> 7350-crocodile - x86/OpenBSD apache/telnetd/sshd
> *** pr0ix (email@example.com) has joined #darknet
These logs are fake. No such conversation ever occurred.
> <m0rgan> ./7350-crocodile [options] [host] [port] [misc-option]
> <m0rgan> -d <daemon> (1= apache, 2= telnetd, 3= sshd)
This, too, is fake.
Conclusion: This is a poor attempt at conjuring up the spectre of
``unreleased OpenBSD exploits'' in people's minds. Don't fall for it.
firstname.lastname@example.org (408) 350-5032
Communications Processors Group -- Analog Devices