Re: Bittorrent Data Port Probe



Paul Melson wrote:


I can't seem to recreate this:

$ perl -e 'for (my $i=0; $i <= 90; $i++) {print chr(int(rand 255));}' | nc -v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 95; $i++) {print chr(int(rand 255));}' | nc -v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 96; $i++) {print chr(int(rand 255));}' | nc -v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 100; $i++) {print chr(int(rand 255));}' | nc -v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 1000; $i++) {print chr(int(rand 255));}' | nc -v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!

If you care, the client is bittorrent-curses 4.4.0 on OpenBSD (it's what I
had quick access to). I haven't tried your nasl code in Nessus, so maybe
I'm missing something. But if I understand your previous post, this should
elicit some response from a seeding client, and in my case it doesn't.



There's an outside possibility that bittorrent-curses for OpenBSD
*wasn't* one of the platforms that I tested against. ;-)

If it doesn't work from outside localhost, then I'd bet I just happened
upon some quirky windows-bittorrent-client thingee...

--
John Lampe
Senior Security Researcher
TENABLE Network Security, Inc.
jwlampe@{nessus.org,tenablesecurity.com}
Tele: (410) 872-0555
www.tenablesecurity.com

Is your network TENABLE?
---------------------------------------
