lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4739CA0B.6060307@gmx.at>
Date: Tue, 13 Nov 2007 17:00:11 +0100
From: halfdog@....at
To: full-disclosure@...ts.grok.org.uk
Subject: Skype network scanning?

When looking at firewall logs I saw that some lan machines with skype connect to 
TCP/UDP highports for p2p transfer. But there was also one strange connect:
the skype box A wanted to connect another box B on our internal net.

* Could it be the caller has the same local net ip range, his box has IP B. When 
calling skype on host A, A wants to connect to B but on the net of the person 
called (net of A).

* If yes, could that be used for scanning? start a machine on an IP in the 
netrange of A, then let skype open a server socket on the local machine (or even 
try to make it open the port on 8080, 139 or 445). Bring the machine to the net 
via NAT, and call any person in the remote net. If machine does not exists 
(packets lost), establishment of p2p may take longer. If port not open, shorter 
time for establishment??

I did not test the scanning mechanism, so these are all assumptions, but I want 
to know if someone has already made some research in that direction

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ