[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4739CA0B.6060307@gmx.at>
Date: Tue, 13 Nov 2007 17:00:11 +0100
From: halfdog@....at
To: full-disclosure@...ts.grok.org.uk
Subject: Skype network scanning?
When looking at firewall logs I saw that some lan machines with skype connect to
TCP/UDP highports for p2p transfer. But there was also one strange connect:
the skype box A wanted to connect another box B on our internal net.
* Could it be the caller has the same local net ip range, his box has IP B. When
calling skype on host A, A wants to connect to B but on the net of the person
called (net of A).
* If yes, could that be used for scanning? start a machine on an IP in the
netrange of A, then let skype open a server socket on the local machine (or even
try to make it open the port on 8080, 139 or 445). Bring the machine to the net
via NAT, and call any person in the remote net. If machine does not exists
(packets lost), establishment of p2p may take longer. If port not open, shorter
time for establishment??
I did not test the scanning mechanism, so these are all assumptions, but I want
to know if someone has already made some research in that direction
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists