IE 5.5 security

From: winquestion@hushmail.com
Date: 04/24/02 

From: winquestion@hushmail.com
To: focus-ms@securityfocus.com
Date: Tue, 23 Apr 2002 17:31:28 -0700

All,

I've been asked by my teacher to upgrade all the lab Win2k pcs from IE
5.5 to IE6. All the nodes plug into a switch that plugs into a cisco 3640 that uses nat to talk to the Internet.

Prior to upgrading ro IE 6, I noticed that IE 5.5 submits the data to a local port before accessing the remote destination. There are no proxy servers running on the network and tools such as insider say that the port in question is being binded and owned by IE itself. The Tools=>Options=>Connection menu shows no proxies are configured.

Normal process:
IE opens a connection on a random high port and then connects to port 80 of destination
i.e.localhost:1214 to www.abc.com:80

Prcoess on my lab pcs:
IE opens a connection on a random high port =>to a random static high end port on the localhost and then connects to port 80 of destination
i.e.localhost:1214 => localhost:1033=>to www.abc.com:80

The port 1033 will remain valid until the browser is closed. All subsequent http or https sessions from the browser or any type of connection all go to port 1033 prior to reaching the Internet. This behavior is similar to a proxy.

The port 1033 is random. IE 5.5 assigns a different random static port for this proxy behavior every time it starts up. Telneting to this static port produces nothing so I don't really know why ie has this port on.

Now if I were to use ie 6 on another box or an upgraded box, then this proxy behavior goes away. It behaves like a normal app by opening a random high end port to connect to the Internet.

My question is what is so different with IE 5.5 that it has this proxy like behavior whereas in IE6 it doesn't and behaves like a normal app.

I know my machine has not been hacked because I even reinstalled a Win2k machine from scratch using IE 5.5 and it still exhibits the same proxy behavior.

Any help would be appreciated. Please write back. Thanks.

Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

Relevant Pages

  • RE: IE 5.5 security
    ... There is a security vulnerability with IE6 on Win2K machines that allow code ... local port before accessing the remote destination. ... There are no proxy ... IE opens a connection on a random high port =>to a random static high end ...
    (Security-Basics)
  • Re: IE 5.5 security
    ... > I've been asked by my teacher to upgrade all the lab Win2k pcs from IE ... > itself to a local port before accessing the remote destination. ... > IE opens a connection on a random high port and then connects to port ... > for this proxy behavior every time it starts up. ...
    (microsoft.public.security)
  • Re: Created on Access 2003, but.......................
    ... But that's not secure under any scenario, as any port scanner ... Well, you still need a userid, password and database name. ... You're assuming the server remains in a secured configuration. ...
    (comp.databases.ms-access)
  • Re: 553 sorry, relaying denied from your location
    ... connection on port 465. ... Newly created server is on port 465, ... iterations of secure, always secure, 128 bit encryption, etc. ... that doesn't appear to be an Exchange response. ...
    (microsoft.public.exchange.setup)
  • Re: Help, my machine has been hacked
    ... > being used to perform port scans on a bank. ... > closed HTTP) ... > DSLReports and they all report that my machine is secure. ... > 4) Recommendations for a hardware firewall? ...
    (comp.os.linux.security)