lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4C3F89DF.5020009@gmail.com>
Date: Fri, 16 Jul 2010 01:21:19 +0300
From: ithilgore <ithilgore.ryu.l@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: A new zombie port scanning attack


Hello fd-list folks.

I recently demonstrated at Athcon, a new security conference taking place
in Athens - Greece, a new stealthy port scanning attack that is made
possible by abusing XMPP. The technique uses a "zombie" host (that can be
anyone in your [most probably fake] friend/contact list) and some timing
calculations in order to conduct a portscan through that proxy to any
target. The IP address is never revealed to the scanned victim, the same
way the famous idle/zombie scan, discovered by antirez, works.
The idea, a proof of concept pidgin patch and a detailed analysis can be
read in the paper.

You can find the whitepaper here:
http://sock-raw.org/papers/abusing_network_protocols
and the presentation slides:
http://sock-raw.org/papers/anp_presentation.pdf

It is interesting to see how protocols like seemingly "innocent" protocols
like XMPP can still be abused to do things like the above attack.

Regards,
ithilgore

-- 
http://sock-raw.org
http://twitter.com/ithilgore

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ