From vern at icir.org  Wed Oct  2 10:23:58 2002
From: vern at icir.org (Vern Paxson)
Date: Wed, 02 Oct 2002 10:23:58 -0700
Subject: new mailing list for Bro developers 
Message-ID: <200210021723.g92HNwAq004321@jaguar.icir.org>

There's now a new mailing list, bro-devel at lbl.gov, for announcements of
new "current" Bro release snapshots, and for discussing Bro development
and portability issues.  If you want to sub-scribe to it, send email to
majordomo at lbl.gov with "sub-scribe bro-devel" in the message body
(*except* remove the '-' from sub-scribe, which I only put in there because
otherwise *this* message will be auto-bounced by majordomo's overly protective
filtering!).

The main bro at lbl.gov list remains for discussing general Bro issues/problems/
questions, and for announcements of major ("stable") releases.

Also, there will soon be a Bro home page that will include the current
"To Do" list of projects, in case you want to tackle one.

		Vern


From athomas at cc.gatech.edu  Wed Oct  2 11:12:11 2002
From: athomas at cc.gatech.edu (Ashley Thomas)
Date: Wed, 2 Oct 2002 14:12:11 -0400
Subject: new mailing list for Bro developers 
In-Reply-To: <200210021723.g92HNwAq004321@jaguar.icir.org>
Message-ID: <KIEBKAEFKELBPMDCKDBOKEBPCFAA.athomas@cc.gatech.edu>

>Also, there will soon be a Bro home page that will include the current
>"To Do" list of projects, in case you want to tackle one.

cool. that will be interesting.. !

-ashley

-----Original Message-----
From: owner-bro at lbl.gov [mailto:owner-bro at lbl.gov]On Behalf Of Vern
Paxson
Sent: Wednesday, October 02, 2002 1:24 PM
To: bro at lbl.gov
Subject: new mailing list for Bro developers


There's now a new mailing list, bro-devel at lbl.gov, for announcements of
new "current" Bro release snapshots, and for discussing Bro development
and portability issues.  If you want to sub-scribe to it, send email to
majordomo at lbl.gov with "sub-scribe bro-devel" in the message body
(*except* remove the '-' from sub-scribe, which I only put in there because
otherwise *this* message will be auto-bounced by majordomo's overly
protective
filtering!).

The main bro at lbl.gov list remains for discussing general Bro
issues/problems/
questions, and for announcements of major ("stable") releases.

Also, there will soon be a Bro home page that will include the current
"To Do" list of projects, in case you want to tackle one.

		Vern



From vern at icir.org  Wed Oct  2 21:37:37 2002
From: vern at icir.org (Vern Paxson)
Date: Wed, 02 Oct 2002 21:37:37 -0700
Subject: patch to Bro to detect the newly announced Solaris Telnet remote exploit
Message-ID: <200210030437.g934bbAq017240@jaguar.icir.org>

The following patch creates a new event, login_prompt, which you can then
examine in your policy script.  The "right" approach would be to modify
Bro to send up the entire Telnet environment, since it's already extracting
$DISPLAY and $TERM as well as now $TTYPROMPT; but for expediency I just
added $TTYPROMPT as a separate event, similar to the other two.

This will be incorporated in the next "current" release.

		Vern


*** Login.cc	2002/09/15 16:14:31	1.11
--- Login.cc	2002/10/03 00:13:16
***************
*** 348,353 ****
--- 348,363 ----
  
  			mgr.QueueEvent(login_display, vl);
  			}
+ 
+ 		else if ( login_prompt && streq(name, "TTYPROMPT") )
+ 			{
+ 			val_list* vl = new val_list;
+ 
+ 			vl->append(BuildConnVal());
+ 			vl->append(new StringVal(val));
+ 
+ 			mgr.QueueEvent(login_prompt, vl);
+ 			}
  		}
  
  	delete name;
*** NetVar.h	2002/10/01 23:45:17	1.68
--- NetVar.h	2002/10/03 00:13:46
***************
*** 134,139 ****
--- 134,140 ----
  extern Func* login_confused_text;
  extern Func* login_terminal;
  extern Func* login_display;
+ extern Func* login_prompt;
  extern Func* excessive_line;
  
  extern Func* authentication_accepted;
*** NetVar.cc	2002/10/01 23:45:17	1.72
--- NetVar.cc	2002/10/03 00:13:54
***************
*** 130,135 ****
--- 130,136 ----
  Func* login_confused_text;
  Func* login_terminal;
  Func* login_display;
+ Func* login_prompt;
  Func* excessive_line;
  
  Func* authentication_accepted;
***************
*** 393,398 ****
--- 394,400 ----
  	login_confused_text = internal_func("login_confused_text");
  	login_terminal = internal_func("login_terminal");
  	login_display = internal_func("login_display");
+ 	login_prompt = internal_func("login_prompt");
  	excessive_line = internal_func("excessive_line");
  
  	authentication_accepted = internal_func("authentication_accepted");
*** bro.init	2002/10/01 23:38:16	1.127
--- bro.init	2002/10/03 00:13:28
***************
*** 573,578 ****
--- 573,579 ----
  global login_confused_text: event(c: connection, line: string);
  global login_terminal: event(c: connection, terminal: string);
  global login_display: event(c: connection, display: string);
+ global login_prompt: event(c: connection, prompt: string);
  global excessive_line: event(c: connection);
  
  global authentication_accepted: event(name: string, c: connection);
*** login.bro	2002/09/23 22:23:01	1.26
--- login.bro	2002/10/03 00:17:39
***************
*** 407,412 ****
--- 407,418 ----
  		hot_login(c, fmt("%s term %s", id_string(c$id), terminal), "trb");
  	}
  
+ event login_prompt(c: connection, prompt: string)
+ 	{
+ 	# Could check length >= 6, per Solaris exploit ...
+ 	hot_login(c, fmt("%s $TTYPROMPT %s", id_string(c$id), prompt), "trb");
+ 	}
+ 
  event excessive_line(c: connection)
  	{
  	if ( is_login_conn(c) )


From wsffree at hotmail.com  Wed Oct 16 05:41:32 2002
From: wsffree at hotmail.com (Wang Shaofu)
Date: Wed, 16 Oct 2002 20:41:32 +0800
Subject: about Telnet
Message-ID: <F7FJ3sl3xbYiMCIqtQv0000018b@hotmail.com>

Hi 

Could you tell me where to get tht source code of Telnet?

Thank you very much
Have a nice day
Ciao

Cloud

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com/lccn/ 



From vern at icir.org  Fri Oct 18 03:19:06 2002
From: vern at icir.org (Vern Paxson)
Date: Fri, 18 Oct 2002 03:19:06 -0700
Subject: about Telnet 
In-Reply-To: Your message of Wed, 16 Oct 2002 20:41:32 +0800.
Message-ID: <200210181019.g9IAJ6sE004173@jaguar.icir.org>

> Could you tell me where to get tht source code of Telnet?

I'm not sure what you mean.  Bro's Telnet analyzer is in Telnet.cc, not
surprisingly.  (It builts on Login.cc.)  If you mean the source code for
a Telnet server or client, you can find those in *BSD or Linux sources.

		Vern


From wsffree at hotmail.com  Mon Oct 21 04:32:09 2002
From: wsffree at hotmail.com (Wang Shaofu)
Date: Mon, 21 Oct 2002 19:32:09 +0800
Subject: about Telnet
Message-ID: <F184I5KBTl2XTRWJFa6000065eb@hotmail.com>

>If you mean the source code for a Telnet server or client, you can find 
those in >*BSD or Linux sources.

Thanks alot
I got it by : rpm -i telnet*.src.rpm

Have a nice day.
Ciao
Cloud

_________________________________________________________________
??????????????? MSN Hotmail? http://www.hotmail.com