lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1c2c8161041213072134f7f7d0@mail.gmail.com>
From: gautam.singh at gmail.com (Gautam R. Singh)
Subject: GPRS/IP-session from Nokia/Symbian mobile phone
	stays up

I dont know if theres any webserver that runs on symbian? but just
wondering did anyone ever tried hosting a webpage on symbian phone
with always on connection. This would be like solar powered torch
lite.

Gautam >__< 


On Mon, 13 Dec 2004 09:30:09 +0100 (CET), Marco Davids (Prive)
<mdavids@...fun.net> wrote:
> On Tue, 7 Dec 2004, William Reading wrote:
> 
> > Howdy,
> >
> > I think this is part of the reason why some carriers, such as T-Mobile,
> > use RFC1918 addresses instead of publically routable IPs.
> 
> Not here in the Netherlands :-)
> 
> inetnum:      194.229.200.0 - 194.229.207.255
> netname:      T-MOBILE-NL
> descr:        t-mobile.nl
> country:      NL
> admin-c:      RM1746-RIPE
> tech-c:       RM1746-RIPE
> status:       ASSIGNED PA
> mnt-by:       NLNET-MNT
> changed:      bartk@...uu.net 20030801
> source:       RIPE
> 
> I get an IP-address out of this range on my phone.
> 
> --
> Marco
> 
> 
> 
> 
> > They do allow
> > you to specifically request real addresses if you need it for something
> > like IPSec too. Of course, this is kind of a moot point when they have
> > unlimited data plans in the US.
> >
> > William Reading
> >
> > Marco Davids (Prive) wrote:
> >
> > >Hi,
> > >
> > >For what it is worth:
> > >
> > >When my Nokia 6600 (Symbian V7.0s) mobile phone was connected to the
> > >Internet and an imap-server for some tests the other day, I decided to
> > >run a ping to the phone's IP-address (in fact I did an nmap -O to the
> > >phone first, but that didn't work).
> > >
> > >After the mail was retrieved I closed the email-application on the phone.
> > >Normally the GPRS-session is terminated in such a case. But not this time,
> > >while the pings went on. This time I had to force the session to go down,
> > >which is an option on the phone, luckily. I just never used it before :-)
> > >
> > >Later on I tried an SSH-session with the Mocha Telnet application from my
> > >phone. Same behaviour. After I closed the SSH-application and as the
> > >pings went on the (expensive) GPRS-session did not terminate as it
> > >normally does when there is no incoming icmp traffic. When I finished
> > >the external pings to the phone, the GPRS-session closed by itself.
> > >
> > >I tried again, this time with a larger packet-size, but that did not work.
> > >
> > >Then I tried a flood-ping and that did work. The GPRS-session stayed up
> > >and the GRPS-counters increased dramatically! By this time my little
> > >experiments where getting rather pricey for me.
> > >
> > >Conclusion: Even after the last application that uses IP on the phone is
> > >closed, the GPRS-session stays up as long as there is incoming
> > >(icmp)traffic. I am not sure what to think of this, but this seems
> > >rather undesirable to me. Do other phones also 'suffer' form this
> > >behaviour?
> > >
> > >This 'feature' can be abused. One could easily be lead to believe that the
> > >GPRS-session is over, while in reality it is not.
> > >
> > >I did a quick ping-scan on the IP-range that my phone was in and
> > >discovered 355 active, 'pingable', IP-addresses out of 2048. I figured it
> > >be better not to start flood-pinging all of them them, but I couldn't help
> > >thinking what would happen if some punk did: many phone's online would
> > >probably stay online, depending on the number of phone models that show
> > >the same behaviour. That would not only generate costs to their owners,
> > >but would probaly also exhaust available IP-addresses for new
> > >connections, resulting in some kind of DoS to the GPRS IP-service.
> > >
> > >Greetings,
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


-- 
Gautam R. Singh
[mcp,ccna,cspfa,] t: +91 9848 525 074 | pgp:
http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: ro0_@...mail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ