lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3F75ED88.6387.10A1CA3@localhost>
From: administrator at maginetworks.com (Administrator)
Subject: IP Resolving problems with DSL user

After a discussion about computer security with a fairly
computer-literate friend, I was asked to perform various
vulnerability scans on his system remotely. He gave me
his IP address at the same time as I ran "netstat"
to obtain it and both came out to be the same number
but just to be sure a WHOIS was run and the IP
was listed as belonging to his ISP. An nmap
scan and an "xscan" (windows-based vulnerability scanner)
were started against this IP and port 23 was found to be open
so I attempted a TELNET and was greeted with a fairly
suprising "WARNING" message that included the real
DNS name of the computer I was scanning (which happened 
to be a server belonging to his ISP). All scans were halted
immediately and both of us wrote apology letters to the ISP
explaining this mistake.

My question is this: How could this have happened? Both 
"winipcfg" in his Windows 98 system as well as his client
software told him his IP was this as well as a 
"netstat /a" from my system.

Thank you for comments,

Alex Petrosian
administrator@...inetworks.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ