Request History

4 previous requests available

• Restore to current request
• nvdreves/view/415785
• nvdreves/view/24051
• nvdreves/view/191664
• cveinfos/index/page:335/sort:id/direction:desc

Session

• 0(null)

Request

Cake Params

• plugin(null)
• controllercveinfos
• actionindex
• named(array)
  • page344
  • sortid
  • directionasc
• pass(empty)
• paging(array)
  • Cveinfo(array)
    • page344
    • current5
    • count104715
    • prevPage(true)
    • nextPage(true)
    • pageCount20943
    • order(array)
      • Cveinfo.idasc
    • limit5
    • options(array)
      • page344
      • order(array)
        • Cveinfo.idasc
      • sortid
      • directionasc
      • conditions(empty)
    • paramTypenamed

Post data

No post data.

Query string

No querystring data.

Cookie

To view Cookies, add CookieComponent to Controller

Current Route

• keys(array)
  • 0controller
  • 1action
• options(array)
  • defaultRoute(true)
• defaults(array)
  • plugin(null)
• template/:controller/:action/*

Sql Logs

Logs

View Variables

• cveinfos(array)
  • 0(array)
    • Cveinfo(array)
      • id1716
      • nameCVE-2000-0138
      • statusCandidate
      • descriptionA system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
      • phaseModified (20130104-02)
      • votesACCEPT(2) Cole, Wall | NOOP(4) Christey, Dik, Levy, Shostack | RECAST(3) Baker, Meunier, Ziese | REVIEWING(2) Bishop, Blake
      • commentsChristey> ********************************************************** | THIS CANDIDATE HAS GENERATED A LONG THREAD. SEE THE | EDITORIAL BOARD ARCHIVES FOR DETAILS, BEGINNING AT | | http://cve.mitre.org/Board_Sponsors/archives/msg00590.html | | ********************************************************** | Ziese> | I suggest we I"d like to suggest that we consider not tying | specifically to a DDOS tool. Instead, since we are at at higher | abstraction level, that we make the class include those master/slave | tool combinations that are used for malicious purposes (i.e. DDOS, | data exfiltration, or whatever the appropriate classes of effect are). | | My concern is that (1) we treat all distributed attacks at the same | abstract level; not just the DDOS ones. Second, if it is at a higher | abstraction level then it seems right to unlimit it (by including | master/slave combinations in general; not just the DDOS asect). | Meunier> I think that trinoo etc... are very similar to smurf attacks | (CVE-1999-0513 ) in the sense that a third party allows itself to be | used. Also, there is an obvious solution that can only be done by | that third party. | | As for the CVE entry, I am considering whether the common entry point | could be reduced to "egress filtering has not been implemented or has | been disabled, allowing the sending of spoofed IP packets". | Incidentally, this would prevent the use of decoys in port scans, | etc... This single CVE entry would be very powerful. We could use | the dot notation to list the DDoS tools and attacks that rely on the | absence of egress filtering based on the argument that if you have | egress filtering, nobody will bother to put or use DDoS tools on your | computers. | | The weakness of this is that one could in theory still use DDoS tools | even if you have egress filtering -- only they will be one shot guns, | almost completely eliminating their appeal and effectiveness. One | use, and they will be blocked, tracked down and destroyed | efficiently. | | Pascal | | P.S.: I am attracted by the idea of starting an internet (fire)wall | of shame, for people who haven"t implemented egress filtering. It | worked pretty well against sites allowing themselves to be used for | smurf attacks (http://www.powertech.no/smurf/). Why not use the same | strategy for egress filtering? Of course it"s hard to know who is | the source of IP spoofed packets. However the consistent detection | of crud originating from a server is a sure sign that they haven"t | implemented egress filtering. For example (my first candidate to | this wall of shame), this weekend the Linux suse ftp server sent many | packets with an illegal ip address as source, one reserved for local | area networks, upon making an ftp connection (it may still be doing | it, I haven"t checked since -- the suse ftp admin mentioned that they | were aware of it). It was easy to figure out it was them by | repeating the ftp connections and observing the 100% reproducibility | and time correlation of the extraneous packets. In addition, the | suse servers kept sending me crud for *hours* after a failed attempt | to download their PPC beta. | | The cost of egress filtering is easily justified. The argument is | similar to those relating to pollution, excepted that people don"t | try to break into your car if you have removed the catalytic | converter. | Bishop> I need to think about the exact meaning of MP. I suspect I | will agree with the classification, on an operational basis | (meaning I may want to revisit it), but I want to think on it | some more. | Blake> I don"t agree with Pascal that this is a filtering problem analogous to | smurf. Rootkit is a better analogy. The DDoS software doesn"t exploit | any unique vulnerability directly. It"s presence is entirely predicated | on the existence of at least one other, easily exploited vulnerability. | >From the perspective of the system owner, this is just one of several | backdoors that could be installed. Seems to me that the presence of a | known backdoor package should be considered a vulnerability (or at least | an exposure). | | I"m really torn on whether or not to split them out, though. My | inclination is to group master and slave by package; i.e., trinoo | master/slave, tfn master/slave, etc. | | Wall> | Just to be consistent, you may add Trinoo (trin00) and does it matter | if it is Tribal or Tribe? The original internal c program says Tribe Flood | Network. | Meunier> What they have in common is the use of an amplification mechanism. | They are broadcasting (multicasting) to a (virtual private) network, | which then amplifies the messages. In both cases, the amplification | is done by the third party victim hosts. The difference is just that | the network is virtual instead of physical. | | | Scott, you are assuming that the people who have the tools installed | are unwilling. Let"s say theoretically speaking that there is an | underground hacker group (or student association) who is hooked up to | DSL lines (like in university residences) and who thinks that it | would be "cool" to form an "army". How about a popular civil | movement protesting something, like the WTO last summer? I think | some people would voluntarily "enlist" their computers in a cause | that would use DDoS attacks. The rootkit analogy does not hold, yet | the DDoS attacks could be just as effective. However, if the | university or ISPs implemented egress filtering, the DDoS attacks | could be easily stopped because the people could be held accountable. | The crux of the matter is the anonymity provided by IP spoofing. | | You are correct that in most cases, having a DDoS tool installed on | your system is an exposure like rootkit. Maybe that deserves a CVE | entry. However, I think that does not capture the nature of the | DDoS, and that an entry about egress filtering is of utmost | importance because it patches a fundamental vulnerability of IPv4. | Blake> Excellent response, Pascal, thanks. I hadn"t thought of people | volunteering, but that"s certainly a plausible scenario. Part of my | motivation/thinking was a desire to stay away from making this into only | yet another use for spoofed IP packets. I wholeheartedly agree that | egress filtering essential, but am reluctant to single out the recent DDoS | events as the reason for it. | | I"d prefer to split out egress filtering as a seperate CVE entry (on the | theory that not using egress filtering constitutes an exposure -- at least | to liability), rather than tying it to these entries. | Levy> I agree with Scott for no other reason that there needs to be a CVE | ID so that IDS systems can report this things. | | Are we going to start handing out CVE ids for low level design faults? | E.g. lack of encryption at the IPv4 packet level? lack of resource | allocation protocols? the used of DES instead of Triple DES? etc | Shostack> Both excellent points, however, I"d like to add that even if people | volunteer to host the tools, Trinoo and company allow the controlling | attacker to hide activities, which counts as an exposure under | http://cve.mitre.org/About_CVE/About/definition.html | Cole> Even with all of the debate i accept this one. | Christey> With respect to inclusion of design flaws in CVE, review | http://cve.mitre.org/Board_Sponsors/archives/msg00602.html | | Other design flaws that have already been added to CVE | include Smurf (CVE-1999-0513), Fraggle (CVE-1999-0514) | and TCP sequence number prediction (CVE-1999-0077), although | this last one may need to be RECAST to a lower level of | abstraction. | CHANGE> [Meunier changed vote from REVIEWING to RECAST] | Meunier> In the sense that this is like a rootkit, then it is a | duplicate of CVE-1999-0660, "A hacker utility or Trojan Horse is | installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc..." | | It should be recast as CVE-1999-0660.1 DDoS tools | Other dot notations could indicate different effects of the tools. | Dik> There doesn"t seem to be much to add to the | discussion. | Baker> Concur that this is a hacker utility, and should be recast and merged with other backdoor programs that allow a hacker to control the activities of the system.
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 1(array)
    • Cveinfo(array)
      • id1717
      • nameCVE-2000-0139
      • statusEntry
      • descriptionInternet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
      • phase(null)
      • votes(null)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 2(array)
    • Cveinfo(array)
      • id1718
      • nameCVE-2000-0140
      • statusEntry
      • descriptionInternet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.
      • phase(null)
      • votes(null)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 3(array)
    • Cveinfo(array)
      • id1719
      • nameCVE-2000-0141
      • statusEntry
      • descriptionInfopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.
      • phase(null)
      • votes(null)
      • comments(null)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 4(array)
    • Cveinfo(array)
      • id1720
      • nameCVE-2000-0142
      • statusCandidate
      • descriptionThe authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
      • phaseProposed (20000216)
      • votesACCEPT(4) Bishop, Blake, Cole, LeBlanc | MODIFY(2) Frech, Levy | NOOP(2) Baker, Christey
      • commentsFrech> XF:timbuktu-auth-dos | Levy> BID 984 | Christey> BUGTRAQ:20000412 Timbuktu DoS repaired by Netopia | http://www.securityfocus.com/archive/1/54850 | BID:984
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
• $request->data(empty)
• $this->validationErrors(array)
  • Cveinfo(empty)
• Loaded Helpers(array)
  • 0Number
  • 1SimpleGraph
  • 2Paginator
  • 3DebugTimer
  • 4Toolbar
  • 5Html
  • 6Form
  • 7Session
  • 8HtmlToolbar

App Constants

No application environment available.

CakePHP Constants

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

PHP Environment

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/index/page:344/sort:id/direction:asc
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/index/page:344/sort:id/direction:asc
Remote Port	52362
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	18.216.147.211
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=8j3jsei43k619sj4602goejhn0
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	*/*
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	18.216.147.211
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	18.216.147.211
Unique Id	aCYwNLPwua3nx4wvCpYaFAAAAd8
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	18.216.147.211
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	18.216.147.211
Redirect Unique Id	aCYwNLPwua3nx4wvCpYaFAAAAd8
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	18.216.147.211
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	18.216.147.211
Redirect Redirect Unique Id	aCYwNLPwua3nx4wvCpYaFAAAAd8
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747333172.8008
Request Time	1747333172

Included Files

Include Paths

• 0/virtual/inogo77/public_html/jvn/lib
• 2/opt/remi/php56/root/usr/share/pear
• 3/opt/remi/php56/root/usr/share/php
• 4/usr/share/pear
• 5/usr/share/php
• 6-> /virtual/inogo77/public_html/jvn/lib/Cake/

Included Files

• core(array)
  • Cache(array)
    • 0CORE/Cache/Cache.php
    • 1CORE/Cache/Engine/FileEngine.php
    • 2CORE/Cache/CacheEngine.php
  • Component(array)
    • 0CORE/Controller/Component/SessionComponent.php
    • 1CORE/Controller/Component/PaginatorComponent.php
  • Config(array)
    • 0CORE/Config/routes.php
    • 1CORE/Config/config.php
  • Controller(array)
    • 0CORE/Controller/Controller.php
    • 1CORE/Controller/ComponentCollection.php
    • 2CORE/Controller/Component.php
  • Datasource(array)
    • 0CORE/Model/Datasource/CakeSession.php
    • 1CORE/Model/Datasource/Database/Mysql.php
    • 2CORE/Model/Datasource/DboSource.php
    • 3CORE/Model/Datasource/DataSource.php
  • Error(array)
    • 0CORE/Error/exceptions.php
    • 1CORE/Error/ErrorHandler.php
  • I18n(array)
    • 0CORE/I18n/I18n.php
    • 1CORE/I18n/L10n.php
  • Log(array)
    • 0CORE/Log/CakeLog.php
    • 1CORE/Log/LogEngineCollection.php
    • 2CORE/Log/Engine/FileLog.php
    • 3CORE/Log/Engine/BaseLog.php
    • 4CORE/Log/CakeLogInterface.php
  • Model(array)
    • 0CORE/Model/Model.php
    • 1CORE/Model/BehaviorCollection.php
    • 2CORE/Model/ConnectionManager.php
  • Network(array)
    • 0CORE/Network/CakeRequest.php
    • 1CORE/Network/CakeResponse.php
  • Other(array)
    • 0CORE/bootstrap.php
    • 1CORE/basics.php
    • 2CORE/Core/App.php
    • 3CORE/Core/Configure.php
    • 4CORE/Core/CakePlugin.php
    • 5CORE/Event/CakeEventListener.php
    • 6CORE/Event/CakeEvent.php
    • 7CORE/Event/CakeEventManager.php
    • 8CORE/Core/Object.php
  • Routing(array)
    • 0CORE/Routing/Dispatcher.php
    • 1CORE/Routing/Filter/AssetDispatcher.php
    • 2CORE/Routing/DispatcherFilter.php
    • 3CORE/Routing/Filter/CacheDispatcher.php
    • 4CORE/Routing/Router.php
    • 5CORE/Routing/Route/CakeRoute.php
    • 6CORE/Routing/Route/PluginShortRoute.php
  • Utility(array)
    • 0CORE/Utility/Hash.php
    • 1CORE/Utility/Inflector.php
    • 2CORE/Utility/ObjectCollection.php
    • 3CORE/Utility/Debugger.php
    • 4CORE/Utility/String.php
    • 5CORE/Utility/ClassRegistry.php
  • View(array)
    • 0CORE/View/HelperCollection.php
• app(array)
  • Component(array)
    • 0APP/Controller/Component/CommonComponent.php
  • Config(array)
    • 0APP/Config/core.php
    • 1APP/Config/bootstrap.php
    • 2APP/Config/routes.php
    • 3APP/Config/database.php
  • Controller(array)
    • 0APP/Controller/CveinfosController.php
    • 1APP/Controller/AppController.php
  • Model(array)
    • 0APP/Model/Cveinfo.php
    • 1APP/Model/AppModel.php
  • Other(array)
    • 0APP/webroot/index.php
• plugins(array)
  • DebugKit(array)
    • Component(array)
      • 0DebugKit/Controller/Component/ToolbarComponent.php
    • Other(array)
      • 0DebugKit/Lib/DebugMemory.php
      • 1DebugKit/Lib/Panel/HistoryPanel.php
      • 2DebugKit/Lib/DebugPanel.php
      • 3DebugKit/Lib/Panel/SessionPanel.php
      • 4DebugKit/Lib/Panel/RequestPanel.php
      • 5DebugKit/Lib/Panel/SqlLogPanel.php
      • 6DebugKit/Lib/Panel/TimerPanel.php
      • 7DebugKit/Lib/Panel/LogPanel.php
      • 8DebugKit/Lib/Panel/VariablesPanel.php
      • 9DebugKit/Lib/Panel/EnvironmentPanel.php
      • 10DebugKit/Lib/Panel/IncludePanel.php
      • 11DebugKit/Lib/DebugTimer.php
    • Log(array)
      • 0DebugKit/Lib/Log/Engine/DebugKitLog.php