Message-ID: <BAY7-DAV18PF43XcFa10001c13a@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: Reverse http traffic
Did you check the proxy settings?
----- Original Message -----
From: "Daniel H. Renner" <dan@...angelescomputerhelp.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, December 30, 2003 12:23 AM
Subject: [Full-Disclosure] Reverse http traffic
> Hello,
>
> I had a case recently wherein one of a client's systems (Win2k) could
> not access http or mail traffic. At the same time, 2 other systems
> (Win95 and Xandros) could, and yet he could access all of the other
> network shares via TCP.
>
> He brought it to my shop, it was patched up, already had the latest
> anti-virus defs, and it got on the 'net fine here. He returned with it
> and set it up - and could not get any http or email.
>
> I went to his office to see what was up, hooked in my little 'kneetop'
> (Sony Picturebook) and browsed just fine.
>
> I then installed a Linux firewall on a spare computer, replaced the
> Linksys router with it and instantly his Win2k was able to browse and
> get email.
>
> I checked the firewall logs and saw quite a few attempts from a Google
> IP address (whois-ed, but I'm not ignoring that it was possibly spoofed)
> that was sending IN traffic with a source port of 80 and a destination
> port in the temporary range (33xx) - eh???
>
> I can speculate (otherwise known as 'assume' :) that this site was
> trying to spoof my client's system into accepting some traffic by using
> a reverse-flow, but...
>
> Can anyone tell me what actually could cause this?
>
> --
> Thank you,
>
> Dan Renner
> President
> Los Angeles Computerhelp
> http://losangelescomputerhelp.com
> 818.352.8700
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
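The packets described above (inbound, source port 80, destination port in the 33xx ephemeral range) are exactly the shape of a web server's reply to a connection the client opened, which is why a port-based filter cannot tell a reply from a connection attempt that merely uses 80 as its source port. The check a stateful packet filter applies is whether the inbound packet matches a connection the inside host already opened. The following is an added example illustrating that check; it is not code from the original post or from any firewall product. The log format, the private address 192.168.1.10 (standing in for the Win2k host) and the documentation address 192.0.2.80 (standing in for a remote web server) are all constructed for the example.

```python
"""Classify inbound TCP packets with source port 80 against a table of
connections the inside host opened, the way a stateful filter does.

The log format below is constructed for this example:
    DIRECTION SRC_IP SRC_PORT DST_IP DST_PORT FLAGS
FLAGS uses S=SYN, A=ACK, P=PSH, F=FIN, R=RST.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample log (not real firewall output). 192.168.1.10 plays the
# inside host; 192.0.2.80 plays a remote web server on port 80.
SAMPLE_LOG = """\
OUT 192.168.1.10 3301 192.0.2.80 80 S
IN  192.0.2.80 80 192.168.1.10 3301 SA
OUT 192.168.1.10 3301 192.0.2.80 80 A
IN  192.0.2.80 80 192.168.1.10 3301 PA
IN  192.0.2.80 80 192.168.1.10 3302 S
IN  192.0.2.80 80 192.168.1.10 3303 A
IN  192.0.2.80 80 192.168.1.10 3301 R
IN  192.0.2.80 80 192.168.1.10 3301 A
"""

LINE_RE = re.compile(r"^(IN|OUT)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+([SAPFR]+)$")

# Connection key, always written from the inside host's point of view:
# (local ip, local port, remote ip, remote port)
Flow = Tuple[str, int, str, int]


def classify(log_text: str) -> List[str]:
    """Return one verdict string per parsable log line.

    Outbound SYNs create state; inbound packets are accepted only when they
    match existing state. An inbound SYN from source port 80 with no state
    is a new connection attempt dressed up as a reply, and is dropped.
    """
    table: Dict[Flow, str] = {}
    verdicts: List[str] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        direction, src, sport_s, dst, dport_s, flags = m.groups()
        sport, dport = int(sport_s), int(dport_s)

        if direction == "OUT":
            key: Flow = (src, sport, dst, dport)
            if "S" in flags and "A" not in flags:
                table[key] = "SYN_SENT"          # inside host opens a connection
                verdicts.append("ACCEPT outbound SYN, state SYN_SENT")
            elif "R" in flags:
                table.pop(key, None)
                verdicts.append("ACCEPT outbound RST, connection removed")
            elif key in table:
                verdicts.append("ACCEPT outbound, state %s" % table[key])
            else:
                verdicts.append("DROP outbound without state")
            continue

        # Inbound: the inside host is the destination, so swap the tuple.
        key = (dst, dport, src, sport)
        state = table.get(key)
        if state is None:
            if "S" in flags and "A" not in flags:
                verdicts.append("DROP unsolicited SYN from source port %d" % sport)
            else:
                verdicts.append("DROP no matching connection")
        elif "R" in flags:
            table.pop(key)
            verdicts.append("ACCEPT RST, connection removed")
        elif state == "SYN_SENT" and "S" in flags and "A" in flags:
            table[key] = "ESTABLISHED"           # reply to our SYN completes setup
            verdicts.append("ACCEPT SYN/ACK reply, state ESTABLISHED")
        else:
            verdicts.append("ACCEPT reply, state %s" % state)
    return verdicts


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG.splitlines(), classify(SAMPLE_LOG)):
        print("%-45s -> %s" % (line, verdict))
```

In the sample, the reply to port 3301 is accepted because the inside host sent the SYN first; the SYN aimed at 3302 and the ACK aimed at 3303 are dropped because nothing inside asked for them, even though both carry source port 80. The final ACK to 3301 is dropped too, because the RST just before it tore the state down; a packet filter without state would have accepted all of them on port number alone.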