lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1072830094.2202.758.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: Reverse http traffic

On Tue, 2003-12-30 at 13:22, Ron DuFresne wrote:
> Dan,
> 
<snip>
> 
> comments inline
> 
> On 30 Dec 2003, Daniel H. Renner wrote:
> 
> > Hello Ron,
> >
> > If I appeared to be a newbie with a problem - I am not, nor am I an
> > expert who might know what that type of traffic could be.
> >
> > There currently is no problem with this guy's LAN, nor with his Internet
> > connection.  The problem was handled with the installation of the
> > firewall as I mentioned in my post - I was simply wondering if this was
> > some sort of attack as it was wierd traffic, from the OUTSIDE of the LAN
> > to the firewall.
> >
> 
> I seriously doubt that there was an issue solved by the replacement of the
> dsl <lynksys if I recall correctly> router with a firewall, as all the
> other system plugged into the  router worked fine, only a single host was
> having troubles, which were poorly identified and presented for
> 'discussion' here.

If I appear that much of a numbnutz that you can't take my word for a
simple situation, then I will have to work on my English a bit I
think...  But in fact the problem was indeed handled immediately after
replacing the Linksys with a IPCop firewall.  Since you somehow missed
my description of the events, at the risk of being rude, I will copy
from my original post:

</start clip>
I had a case recently wherein one of a client's systems (Win2k) could
not access http, or mail traffic.  At the same time, 2 other systems
(Win95 and Xandros) could, and yet he could access all of the other
network shares via TCP.

(* Definition: 'he' above meaning the Win2k system.)

He brought it to my shop, it was patched up, already had the latest
anti-virus defs, and it got on the 'net fine here.  He returned with it
and set it up - and could not get any http or email.

(* Clarification:  This should have ended with "... on his LAN.")

I went to his office to see what was up, hooked in my little 'kneetop'
(Sony Picturebook) and browsed just fine.

I then installed a Linux firewall on a spare computer, replaced the
Linksys router with it and instantly his Win2k was able to browse and
get email.
</end clip>

(* Clarification: At this point I had already changed the Win2k's IP to
match the internal IP of the IPCop system.)

And to re-state, there is no current problem with this fellow's LAN - I
was simply looking to see if anyone knows what could cause the
afformentioned type of traffic that was stopped by IPCop.

If you need more data, simply ask and I will be more than willing to
reply.


Cheers,
Dan

> 
<snip>
> Thanks,
> 
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> 	***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ