lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nanog at email.fries.net (Todd T. Fries)
Subject: GPRS/IP-session from Nokia/Symbian mobile
	phone stays up

Strange, I didn't request a public IP from T-Mobile, perhaps they picked
up my need in a conversation while I was talking to them, the default
gateway is a rfc1918 IP, but I can do IPSec just fine and ssh back in to
the public IP when online via gprs.

On , 2004-12-07 at 14:28 -0600, William Reading wrote:
> Howdy,
> 
> I think this is part of the reason why some carriers, such as T-Mobile, 
> use RFC1918 addresses instead of publically routable IPs. They do allow 
> you to specifically request real addresses if you need it for something 
> like IPSec too. Of course, this is kind of a moot point when they have 
> unlimited data plans in the US.
> 
> William Reading
> 
> Marco Davids (Prive) wrote:
> 
> >Hi,
> >
> >For what it is worth:
> >
> >When my Nokia 6600 (Symbian V7.0s) mobile phone was connected to the
> >Internet and an imap-server for some tests the other day, I decided to
> >run a ping to the phone's IP-address (in fact I did an nmap -O to the
> >phone first, but that didn't work).
> >
> >After the mail was retrieved I closed the email-application on the phone.
> >Normally the GPRS-session is terminated in such a case. But not this time,
> >while the pings went on. This time I had to force the session to go down,
> >which is an option on the phone, luckily. I just never used it before :-)
> >
> >Later on I tried an SSH-session with the Mocha Telnet application from my
> >phone. Same behaviour. After I closed the SSH-application and as the
> >pings went on the (expensive) GPRS-session did not terminate as it
> >normally does when there is no incoming icmp traffic. When I finished
> >the external pings to the phone, the GPRS-session closed by itself.
> >
> >I tried again, this time with a larger packet-size, but that did not work.
> >
> >Then I tried a flood-ping and that did work. The GPRS-session stayed up
> >and the GRPS-counters increased dramatically! By this time my little
> >experiments where getting rather pricey for me.
> >
> >Conclusion: Even after the last application that uses IP on the phone is
> >closed, the GPRS-session stays up as long as there is incoming
> >(icmp)traffic. I am not sure what to think of this, but this seems
> >rather undesirable to me. Do other phones also 'suffer' form this
> >behaviour?
> >
> >This 'feature' can be abused. One could easily be lead to believe that the
> >GPRS-session is over, while in reality it is not.
> >
> >I did a quick ping-scan on the IP-range that my phone was in and
> >discovered 355 active, 'pingable', IP-addresses out of 2048. I figured it
> >be better not to start flood-pinging all of them them, but I couldn't help
> >thinking what would happen if some punk did: many phone's online would
> >probably stay online, depending on the number of phone models that show
> >the same behaviour. That would not only generate costs to their owners,
> >but would probaly also exhaust available IP-addresses for new
> >connections, resulting in some kind of DoS to the GPRS IP-service.
> >
> >Greetings,
> >
> >--
> >Marco Davids
> >
> >
> >
> >
> >
> >
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >  
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
Todd Fries .. todd@...es.net

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \  1.700.227.9094 (IAXTEL)
|                                             \          250797 (FWD)
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt




Powered by blists - more mailing lists