Re: [Full-disclosure] Microsoft Windows and *nix Telnet PortNumber Argument Obfuscation

From: Chris Umphress (umphress_at_gmail.com)
Date: 06/12/05

    Date: Sat, 11 Jun 2005 23:46:13 -0700
    To: khermans@cisco.com
    
    

    > OK. Fair enough, but at least some people found it "informative". The
    > technique described probably does affect many networking tools, as you
    > stated, but one should ask if this is a proper coding technique or not
    > (think secure code). The input does not map to the expected output --
    > and the user should have been told that the port number is out of range.
    > Otherwise, what if he thinks 65571 is a valid port after executing that
    > command? He may be naive, but shouldn't the telnet programmer let him
    > know that he is mistaken in his port choice?
    >
    > As an analogy, it is also true that a C programmer could pull some nice
    > tricks to optimize his code, but that code may confuse another
    > programmer trying to understand it. This is a system, like anything
    > else, and things are based on give/take. I don't see why allowing this
    > to happen actually helps anyone but the telnet programmer -- because it
    > could confuse many users.

    Perhaps. If the user is using telnet (especially today), I would
    generally assume they know a little bit about how their system works.
    In today's world, sometimes we forget about memory and file size
    optimizations. While telnet is not normally one of those files that
    technicians try to cram onto their diagnostic Floppies/CDs, there
    might be an occasion when it would be nice to save those few extra
    bytes or kilobytes that these messages would take up.

    While I don't disagree with you that user-friendly programs are nice,
    there are times when other optimizations are favoured more.

    -- 
    Chris Umphress <http://daga.dyndns.org/>