| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C3F8AAF.70105@gmail.com> Date: Fri, 16 Jul 2010 01:24:47 +0300 From: ithilgore <ithilgore.ryu.l@...il.com> To: bugtraq@...urityfocus.com Subject: A new zombie port scanning attack Hello bugtraq-list folks. I recently demonstrated at Athcon, a new security conference taking place in Athens - Greece, a new stealthy port scanning attack that is made possible by abusing XMPP. The technique uses a "zombie" host (that can be anyone in your [most probably fake] friend/contact list) and some timing calculations in order to conduct a portscan through that proxy to any target. The IP address is never revealed to the scanned victim, the same way the famous idle/zombie scan, discovered by antirez, works. The idea, a proof of concept pidgin patch and a detailed analysis can be read in the paper. You can find the whitepaper here: http://sock-raw.org/papers/abusing_network_protocols and the presentation slides: http://sock-raw.org/papers/anp_presentation.pdf It is interesting to see how protocols like seemingly "innocent" protocols like XMPP can still be abused to do things like the above attack. Regards, ithilgore -- http://sock-raw.org http://twitter.com/ithilgore
Powered by blists - more mailing lists