lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <NHBBLDDODAGPHHEBLBPMAEDNCBAA.m0rtis@adelphia.net>
From: m0rtis at adelphia.net (Mortis)
Subject: ICF scan

non,

> This might not be the right place for it

Security basics [@1] would have been a better choice.  This
list is noisy enough that you should only post if it has to
do with security risks, roasting moronings and wieners, to
complain about how your OS is designed, or if you got a cool
piece of spam we all need to see.  Oh, yeah, and to post the
30th confirmation that your particular version of the
browser also dies when you press control-c.  But since you
did post it here, I suppose you may as well get an answer:

> I was playing around with my XP box and scanned
> myself with the ICF in place and without. ...
> But why there are more open ports with ICF than
> without?

Your machine has more than one ethernet interface, the
external one(s) you plug into the net and an internal
loopback device.  The loopback device is software only.  It
is typically called localhost and has the address 127.0.0.1.
A datagram sent by a higher level protocol to this address
should loop back inside the host [@2].

Sometimes programs use sockets to perform inter-process
communication.  A service may be intended for local use
only.  These programs will open sockets only on the loopback
device; no one on the outside can see them without 0wning
you first.

When you scanned yourself from the same machine, you scanned
localhost.  You are seeing _local_ ports that ICF opened.

Try scanning it from another host to see what it looks like
on the external interface.

[ObFullDisclosure]

Open your Apple II floppy case and put a piece of paper in
it.  Mark this paper with the spiral that the heads go
through on a full disk scan.  You can use this to monitor
the boot up sequence of all the k00l protected Borland games
and crack them [so as you can make a backup copy].  Hint:
watch for half tracks.

You can also cut open your floppies, slip out the disc, and
use a hole punch to turn them into double sided disks.  Just
mimic the holes on the other side and put them back
together.  Those lairs at 3M tell you that the single sided
disks aren't coated properly on both sides.

NO NOTICE FOR 0DAY!!  YEAH!!!!!

[@1] http://www.securityfocus.com/archive
[@2] http://www.faqs.org/rfcs/rfc3330.html
--
Gratefully dead,
m0rtis


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ