lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: rlanguy at hotmail.com (Lan Guy)
Subject: Reverse http traffic

Did you check the proxy settings?


----- Original Message ----- 
From: "Daniel H. Renner" <dan@...angelescomputerhelp.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, December 30, 2003 12:23 AM
Subject: [Full-Disclosure] Reverse http traffic


> Hello,
> 
> I had a case recently wherein one of a client's systems (Win2k) could
> not access http, or mail traffic.  At the same time, 2 other systems
> (Win95 and Xandros) could, and yet he could access all of the other
> network shares via TCP.
> 
> He brought it to my shop, it was patched up, already had the latest
> anti-virus defs, and it got on the 'net fine here.  He returned with it
> and set it up - and could not get any http or email.
> 
> I went to his office to see what was up, hooked in my little 'kneetop'
> (Sony Picturebook) and browsed just fine.
> 
> I then installed a Linux firewall on a spare computer, replaced the
> Linksys router with it and instantly his Win2k was able to browse and
> get email.
> 
> I checked the firewall logs and saw quite a few attempts from a Google
> IP address (whois-ed, but I'm not ignoring that it was possibly spoofed)
> that was sending IN traffic with a source port of 80 and a destination
> port in the temporary range (33xx) - eh???
> 
> I can speculate (otherwise known as 'assume' :) that this site was
> trying to spoof my client's system into accepting some traffic by using
> a reverse-flow, but...
> 
> Can anyone tell me what actually could cause this?
> 
> 
> -- 
> 
> 
> Thank you,
> 
> Dan Renner
> President
> Los Angeles Computerhelp
> http://losangelescomputerhelp.com
> 818.352.8700
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists