Message-ID: <1065081075.19143.52.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: MSN appears to be being a bit snoopy via a Hotmail server...

We are running a Linux floppyfw on the outside, splitting into an
unrestricted work space, and a stronger firewall to protect the office
side of things.

A computer was being set up that is running MSN software, and during its
1 day on the benches, our good firewall recorded the following hits from
the below noted site, all of which were aimed * directly * at the IP
address of the internal firewall's NIC (represented by "xxx.xxx.xxx.xxx"
below) climbing over the floppyfw to do so...


    Time      Chain  Iface  Proto  Source       Src Port  Destination      Dst Port
    11:34:12  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    11:34:13  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    11:34:14  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    11:34:15  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    14:31:43  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    14:31:43  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    14:31:44  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
    14:31:45  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075



Trying whois -h whois.arin.net 64.4.12.201
OrgName:    MS Hotmail 
OrgID:      MSHOTM
Address:    1065 La Avenida
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US

NetRange:   64.4.0.0 - 64.4.63.255 
CIDR:       64.4.0.0/18 
NetName:    HOTMAIL
NetHandle:  NET-64-4-0-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:    
RegDate:    1999-11-24
Updated:    2003-06-27

TechHandle: MSFTP-ARIN
TechName:   MSFT-POC 
TechPhone:  +1-425-882-8080
TechEmail:  iprrms@...rosoft.com 

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC 
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  iprrms@...rosoft.com


And from our internal firewall's proxy logs, no one here was logged into
Hotmail or MSN servers during these times...

The above mentioned computer's time in our shop is the only thing I can
relate this traffic to, as no one is allowed to run MSN software on any
of our Linux workstations...

;-)

-- 

Cheers,

Dan Renner
President
Los Angeles Computerhelp
818-352-8700
http://losangelescomputerhelp.com


