RE: Yahoo Messenger Stale Sessions

From: David Gillett (gillettdavid@fhda.edu)
Date: 11/13/02


From: "David Gillett" <gillettdavid@fhda.edu>
To: <incidents@securityfocus.com>
Date: Wed, 13 Nov 2002 09:35:11 -0800


  Not so arbitrary. He needs to not only spoof the IP
address your friend had, but also get the other port number
and the TCP sequence number right. Which might not be much
challenge *IF* he was able to sniff your original conversation.
(If he's spoofing rather than assuming the address, he'll need
to sniff your machine's responses....)

  That much probably limits it to people within either your,
or your friend's, network provider. Then there's the question
of what to do with this connection. Is there a vulnerability
in Yahoo Messenger that could be exploited from there? (If
so, should you be using it at all?)

David Gillett

> -----Original Message-----
> From: Leonard.Ong@nokia.com [mailto:Leonard.Ong@nokia.com]
> Sent: Tuesday, November 12, 2002 5:39 PM
> To: incidents@securityfocus.com
> Subject: RE: Yahoo Messenger Stale Sessions
>
>
> Hello All,
>
> During my observation in daily use of Yahoo Messenger, my
> computer has "stale/zombie" sessions. For example, if I have
> received/messaged a friend, Yahoo will normally make a direct
> connection from my PC to my friend. From Netstat result, you
> can see a high port on my computer is having an Established
> session with my peer's:5101 port.
>
> The issue is, after a contact has gone offline (dial-up), the
> state established in the netstat will remain until the next
> day. I would see this as a vulnerability, since an
> arbitrary user can assume the IP Address was used
> (dial-up->dynamic ip assignment), and use this established
> session to assume it.
>
> Any idea ?
>
>
> Regards,
> Leonard Ong
> Network Security Specialist, APAC
> NOKIA
>
> Email. Leonard.Ong@nokia.com
> Mobile. +65 9431 6184
> Phone. +65 6723 1724
> Fax. +65 6723 1596
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
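As an added example (not code from either poster), one defensive response to the stale sessions described in the thread: enabling TCP keepalive so the kernel probes a silent peer and resets the connection itself instead of leaving it ESTABLISHED until the next day. It assumes the Linux option names TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT, with a fallback to macOS's TCP_KEEPALIVE; the timer values are illustrative.

```python
import socket

# Added example, not from the thread. A peer that drops off a dial-up link sends
# neither FIN nor RST, so without keepalive probes the local socket stays
# ESTABLISHED indefinitely. Not every platform exposes all three timer options,
# so each is set only where the socket module provides it.

def enable_keepalive(sock, idle=60, interval=10, probes=3):
    """Turn on keepalive probing so the kernel tears down a dead peer's session.

    idle:     seconds of silence before the first probe
    interval: seconds between unanswered probes
    probes:   unanswered probes before the connection is reset
    Returns True when SO_KEEPALIVE reads back as enabled.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux calls the idle timer TCP_KEEPIDLE, macOS calls it TCP_KEEPALIVE.
    idle_opt = getattr(socket, "TCP_KEEPIDLE", None) or getattr(socket, "TCP_KEEPALIVE", None)
    if idle_opt is not None:
        sock.setsockopt(socket.IPPROTO_TCP, idle_opt, idle)
    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


def keepalive_settings(sock):
    """Read back the effective parameters (None where the OS lacks the option)."""
    def get(name):
        opt = getattr(socket, name, None)
        return None if opt is None else sock.getsockopt(socket.IPPROTO_TCP, opt)
    idle_name = "TCP_KEEPIDLE" if hasattr(socket, "TCP_KEEPIDLE") else "TCP_KEEPALIVE"
    return {
        "enabled": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0,
        "idle": get(idle_name),
        "interval": get("TCP_KEEPINTVL"),
        "probes": get("TCP_KEEPCNT"),
    }


def worst_case_detection_seconds(idle, interval, probes):
    """Upper bound on how long a vanished peer stays ESTABLISHED: idle + interval * probes."""
    return idle + interval * probes


if __name__ == "__main__":
    # Demo on an unconnected socket: the options are kernel state and can be
    # set and read back without a peer.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print(enable_keepalive(s), keepalive_settings(s), worst_case_detection_seconds(60, 10, 3))
    s.close()
```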
