Date: Fri, 17 May 2013 11:53:54 +0200
From: Alex <fd@...oo.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: On Skype URL eavesdropping

It's funny to see Microsoft using SSH ;)

22/tcp  open   ssh     VanDyke VShell sshd 3.8.6.476 (protocol 2.0)

Btw, nmap thinks it is Vista

Device type: general purpose
Running: Microsoft Windows Vista
OS details: Microsoft Windows Vista

Have 2 log entries:
[29/Apr/2013:15:09:36 +0200]
[18/Apr/2013:14:46:29 +0200]

HEAD, no user agent and so on. Don't use Skype.





On 2013-05-17 03:53, Bruce Ediger wrote:

> On Fri, 17 May 2013, Kirils Solovjovs wrote:
> 
> Requests always come from the same IP 65.52.100.214.
> 
> Oddly, I have an HTTP request from 65.52.100.214 in my apache log files.
> It asked for http://stratigery.com/scripting.ftp.html [1] by far the most
> popular page on my web site. It used a HEAD. Referer and user agent
> both '-'
> 
> That much is the same as everyone else. I have a little more to add.
> I have p0f version 2 running at the same time. I can match up the
> 65.52.100.214 with this from p0f:
> 
> UNKNOWN [8192:56:1:48:M1460,N,N,S:.:?:?]
> 
> p0f also claims an "ethernet/modem" link.
> 
> I find 1 other hit in my p0f log file with that OS guess, from
> 1.23.166.134, which was also asking for
> http://stratigery.com/scripting.ftp.html [1], but with a GET.
> 
> 1.23.166.134 had a referer of http://www.google.co.in [2]
> 1.23.166.134 had a user agent of " Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; .NET CLR 3.5.30729; InfoPath.1; .NET4.0C; .NET4.0E)"
> 
> 65.52.100.214 hit my web server at 2013-04-30 07:26:26-06
> 1.23.166.134 hit my web server at 2012-04-09 11:26:00-06
> 
> Note that I do not use Skype at all.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html [3]
> Hosted and sponsored by Secunia - http://secunia.com/ [4]



Links:
------
[1] http://stratigery.com/scripting.ftp.html
[2] http://www.google.co.in
[3] http://lists.grok.org.uk/full-disclosure-charter.html
[4] http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
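
Added example, not part of the original posts: one way to search an Apache access log for the request pattern both posters describe (HEAD method, Referer and User-Agent both '-'), grouped by client address. It assumes the stock "combined" LogFormat; the sample lines, paths and timestamps are constructed, and only the address 65.52.100.214 comes from the thread.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def is_bare_head(entry):
    """True for a HEAD request that sent neither Referer nor User-Agent."""
    return (entry["method"] == "HEAD"
            and entry["referer"] in ("", "-")
            and entry["agent"] in ("", "-"))

def find_bare_heads(lines):
    """Return {client_ip: [(timestamp, path), ...]} for matching requests.

    Lines that do not parse as combined-format entries are skipped.
    """
    hits = defaultdict(list)
    for line in lines:
        m = COMBINED.match(line)
        if m and is_bare_head(m.groupdict()):
            hits[m["ip"]].append((m["time"], m["path"]))
    return dict(hits)

# Constructed sample log (paths and times are made up for illustration).
SAMPLE_LOG = [
    '65.52.100.214 - - [01/May/2013:10:00:00 +0200] "HEAD /private/doc.html?id=1 HTTP/1.1" 200 - "-" "-"',
    '192.0.2.10 - - [01/May/2013:10:00:05 +0200] "GET /index.html HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/5.0"',
    '65.52.100.214 - - [02/May/2013:11:30:00 +0200] "HEAD /shared/link HTTP/1.1" 200 - "-" "-"',
    # HEAD with a User-Agent set: not the pattern from the thread.
    '198.51.100.7 - - [02/May/2013:12:00:00 +0200] "HEAD /status HTTP/1.1" 200 - "-" "uptime-check/1.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, requests in find_bare_heads(SAMPLE_LOG).items():
        print(f"{ip}: {len(requests)} bare HEAD request(s)")
        for when, path in requests:
            print(f"  [{when}] {path}")
```

Query strings are kept in the reported path, so the output also shows which URLs containing parameters were fetched.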
