From CheckPoint Solutions:
Solution ID: #sk31316
Product: VPN-1/FireWall-1
Version: NG AI, NGX
Last Modified: 14-Nov-2005
Symptoms
On Monday, November 14th, NISCC has issued a warning about a possible denial of service condition for IKEv1. No known exploit exists.
(NISCC Vulnerability Advisory 273756)
Cause
This issue was identified using the PROTOS ISAKMP Test Suite for IKEv1 which was published through NISCC.
The issue is due to a problem with the implementation of the IKE protocol.
The issue might cause a crash of the IKE daemon (vpnd) during the processing of IKE packet 5.
An attacker needs to perform a full IKE negotiation with the attacked VPN gateway in order to cause the denial of service condition; no single packet attack is possible.
No further exploit is possible.
There is no possibility of code execution relating to this issue.
Given the nature of the issue, crafting an exploit is extremely difficult.
Solution
Install the latest HFA (HotFix Accumulator)
It does not have to just be l337 because it's got nix on it, make it be your uplink to the newest version of IP, the Interplanetary Protocol [http://en.wikipedia.org/wiki/Interplanetary_internet]
We don't rely on our raised floors for any cooling needs, simply for connectivity and power cable management. We have ladder racks under the tiles to keep the cables neat, and everything lines up great. When fibre is needed we usually run it in a conduit though to keep it safe.
SDBot is certainly not 'breaking news', variants have been out for more than 4 months! (http://vil.nai.com/vil/content/v_134563.htm)
People choosing to run executables from IM's (while logged in as administrators) get what they deserve.
Didn't I see this on a TV show...except you had to hit a code every 108 mins.
"I think so, Brain, but I find scratching just makes it worse."
Are you pondering what I'm pondering Pinky?
Nothing to see here, not even an A to FR!
Could we at least get a coupon?
a) buy gold
b) hide in 50% legit 5% return businesses
c) learn sign language
d) study tonnes of tonnes of history of cold war espionage
e) never ever talk, paint a false picture to everyone including your wife/kids
f) cover tracks and never park anywhere, unless you own the govt, or they owe you billions.
Plus, you forgot...
(g) Don't give away all your secrets.
But you forgot....
(h) ???
(i) Profit!
"The rules are: The highest rank proposes how to divvy things up and there is a vote, if it's 50% or more against, you kill that highest rank and then the next highest gives a plan" and so on and so on
"So, I think the two possible solutions are:
97,0,1,2,0
and
97,0,1,0,2"
For the first pirate to not die he needs to secure 3 votes, and subordinate pirates don't die.
Pirates want to stay alive first, and get the most gold second (as being alive is a prerequisite to getting gold). Pirates are also assumed to be completely logical.
In 97-0-1-2-0 the votes may be pass-fail-pass-pass-fail, securing the three votes, but the first pirate has not succeeded in gaining the most gold.
In 97-0-1-0-2 the votes may be pass-fail-pass-fail-pass, also getting three votes.
In 98-0-1-0-1 the votes can also land pass-fail-pass-fail-pass with the first pirate maximizing his profits.
It's not enough to just compare the distributions, as negative votes will result in dead pirates...
The biggest discriminator in this problem is parity, if there are an even number of pirates the distribution would lie as 50-0-1-0-1-0.........-1-0
...wallets... !?!? What's it going to do, refuse to open up? Self Destruct? It's a wallet!
This decision will mean that all chat rooms will be pretty much empty, after all isn't everyone in chat a 16/f/ny or 15/f/ca chatter already? Maybe this will help spawn a resurgence of IRC, the first wide-use chat, always lurking in the dark and shady corners of the 'net.
Odds are very low that RIM will really be forced to shut down, NTP is obviously in this for the money, not to prevent the use of this technology. Just checked my blackberry...and all is still up as of 10:13EST.
MS Clustering does add several layers of complexity to a MS environment, and anyone administrating any part of the server needs to be fully aware of the environment, otherwise a DBA shutting down a database server will trigger a failover event unexpectedly.
Clustering can be used for load balancing multiple applications over the array members, provided that a LUN is provided for each application, that way if a node fails the other can carry it, albeit at 50% performance.
I've had plenty of fault tolerant servers (multiple PSU's, RAID, hot-swap memory, NIC's, the works) but none of that helps a bit against a BSOD.
An attractive alternative is the luke-warm spare, where you have a redundant server that meets the hardware needs of many of your servers, with either preloaded SCSI disks in a box, or at least images sitting on tape/dvd ready to load.
The monetary losses that the NYC subway system may face are substantial:
1. Make the subway system confusing
2. Do not provide maps
3. Prevent anyone else from publishing maps
4. Riders get lost, have to take extra subway trips
5. Profit!
I, for one, welcome our new dolphin overlords