lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: PoulWaJ at it-college.dk (Poul Wann Jensen)
Subject: IP Resolving problems with DSL user [sls]

He is probably useing NAT, ie. he has an internet IP address at the ISP,
192.xxx or similar. The ISP useually has less IPs available in their pool
than they have users, so they have a box that assigns users
the external IP, and routes their requested data to their internal IP.

Yours,

Poul Wann
---------
IT-College Denmark
poulwaj (at) it-college.dk

-----Oprindelig meddelelse-----
Fra: Administrator [mailto:administrator@...inetworks.com]
Sendt: Saturday, September 27, 2003 8:05 PM
Til: full-disclosure@...ts.netsys.com
Emne: [Full-Disclosure] IP Resolving problems with DSL user [sls]


After a discussion about computer security with a fairly
computer-literate friend, I was asked to perform various
vulnerability scans on his system remotely. He gave me
his IP address at the same time as I ran "netstat"
to obtain it and both came out to be the same number
but just to be sure a WHOIS was run and the IP
was listed as belonging to his ISP. An nmap
scan and an "xscan" (windows-based vulnerability scanner)
were started against this IP and port 23 was found to be open
so I attempted a TELNET and was greeted with a fairly
suprising "WARNING" message that included the real
DNS name of the computer I was scanning (which happened
to be a server belonging to his ISP). All scans were halted
immediately and both of us wrote apology letters to the ISP
explaining this mistake.

My question is this: How could this have happened? Both
"winipcfg" in his Windows 98 system as well as his client
software told him his IP was this as well as a
"netstat /a" from my system.

Thank you for comments,

Alex Petrosian
administrator@...inetworks.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.F-Secure.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ