From: rlanguy at hotmail.com (Lan Guy)
Subject: Reverse http traffic

Did you check the proxy settings?

----- Original Message -----
From: "Daniel H. Renner" <dan@...angelescomputerhelp.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, December 30, 2003 12:23 AM
Subject: [Full-Disclosure] Reverse http traffic

> Hello,
>
> I had a case recently wherein one of a client's systems (Win2k) could
> not access http, or mail traffic. At the same time, 2 other systems
> (Win95 and Xandros) could, and yet he could access all of the other
> network shares via TCP.
>
> He brought it to my shop, it was patched up, already had the latest
> anti-virus defs, and it got on the 'net fine here. He returned with it
> and set it up - and could not get any http or email.
>
> I went to his office to see what was up, hooked in my little 'kneetop'
> (Sony Picturebook) and browsed just fine.
>
> I then installed a Linux firewall on a spare computer, replaced the
> Linksys router with it and instantly his Win2k was able to browse and
> get email.
>
> I checked the firewall logs and saw quite a few attempts from a Google
> IP address (whois-ed, but I'm not ignoring that it was possibly spoofed)
> that was sending IN traffic with a source port of 80 and a destination
> port in the temporary range (33xx) - eh???
>
> I can speculate (otherwise known as 'assume' :) that this site was
> trying to spoof my client's system into accepting some traffic by using
> a reverse-flow, but...
>
> Can anyone tell me what actually could cause this?
>
>
> --
>
>
> Thank you,
>
> Dan Renner
> President
> Los Angeles Computerhelp
> http://losangelescomputerhelp.com
> 818.352.8700
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>