Re: Yahoo Messenger Stale Sessions

From: Rudolfo Amnesico (tech@sapo.pt)
Date: 11/12/02


To: Leonard.Ong@nokia.com
Date: Tue, 12 Nov 2002 19:17:11 +0000 (WET)
From: Rudolfo Amnesico <tech@sapo.pt>

Hello all,

I'm running a small Windows LAN with a Linux box as a
gateway connected to my ISP. This box is using IPTABLES as
a firewall and, most important, as a NAT translator
(masquerading, to put it simply) so that only one IP is
public and all traffic must cross the gateway.

I also register those zombie sessions here. Not only for
Yahoo Messenger but for other things such as IRC (tcp/6666
or 6667). Those TCP ESTABLISHED connections remain for 24h
or more (# cat /proc/net/ip_conntrack).

Connections I've registered that would last a long time:
- websites such as *.ad-doubleclick.com
- IRC tcp/6666
- nmap scans (-sS scans?)

Comments:
1. It's true. I also have the feeling that this can be
exploitable. After all, there is already a connection
established and the host trusts it. IP spoofing/DoS
vulnerability?
Does anyone have ideas/experiences/tools?

2. Is there any way to kill these sessions as we can do
with processes? I mean a command like # kill <tcp session>.

Regards to y'all.

Quoting Leonard.Ong@nokia.com:

} Hello All,
}
} During my observation in daily use of Yahoo Messenger, my computer
} has "stale/zombie" sessions. For example, if I have received/message
} a friend, Yahoo will normally make a direct connection from my PC to
} my friend. From the netstat result, you can see a high port on my
} computer is having an Established session with my peer's:5101 port.
}
} The issue is, after a contact has gone offline (dial-up), the state
} established in the netstat will remain until the next day. I would
} see this as a vulnerability, since an arbitrary user can assume the
} IP address that was used (dial-up -> dynamic IP assignment), and use
} this established session to assume it.
}
} Any idea?
}
}
} Regards,
} Leonard Ong
} Network Security Specialist, APAC
} NOKIA
}
} Email. Leonard.Ong@nokia.com
} Mobile. +65 9431 6184
} Phone. +65 6723 1724
} Fax. +65 6723 1596
}
}
}
} -----Original Message-----
} From: ext Joey [mailto:josefhuggins@hotmail.com]
} Sent: Saturday, November 09, 2002 9:32 PM
} To: Security Basics
} Subject: Re: Biometric question
}
}
} To clarify: retinal scanning is about as effective as fingerprints.
} Retinal scanning uses a laser light, often in the green part of the
} spectrum to scan the blood vessels of the internal eye. Both methods
} scan around 90 metric points. They can easily read false depending on
} whether or not the biological sample (in this case eyeball or finger)
} is placed exactly in the same position as it was when it was
} initially scanned. There is, of course, with most software a
} threshold setting which will allow readings to require either a very
} precise (a finger must be placed in exactly the same spot every time
} on a reader) or very minimal (a finger can be placed anywhere near
} the center of the reader, but the accuracy drops proportionately)
} setting. The best way to go from everything I've seen and read is
} with iris scans. Whereas fingerprint and retina scans read around 90
} metric points, an iris scan reads about 250. Iris scans are
} non-invasive whereas retina scans require a laser light or other
} strong light source directed through the cornea in order to read the
} vessel pattern in the back of the eye. While it's a lot more
} expensive, if security, and not money is your concern, I think iris
} scanners are the way to go. If you can't "hack" it and you have to
} settle w/fingerprint or retinal scanners, I would go for the
} fingerprint scanner.
}
} -J
}
} ----- Original Message -----
} From: Naveed Ahmed <naveed.ahmed@vinciti.com>
} To: <msconzo@tamu.edu>; <security-basics@security-focus.com>
} Sent: Thursday, November 07, 2002 11:05 AM
} Subject: RE: Biometric question
}
}
} > Michael is right.
} > the better ones are (at least relatively more difficult to fake)
} > retina scans and voice recognition.
} > don't go by what tom cruise does in 'minority report' with the eye
} > balls.!!!
} > rgds
} > -Naveed
} >
} > -----Original Message-----
} > From: Michael Sconzo [mailto:msconzo@tamu.edu]
} > Sent: Thursday, November 07, 2002 10:43 PM
} > To: security-basics@security-focus.com
} > Subject: RE: Biometric question
} >
} >
} > -----BEGIN PGP SIGNED MESSAGE-----
} > Hash: SHA1
} >
} > One of the more memorable things that I have read about fingerprint
} > scanners is:
} > http://www.counterpane.com/crypto-gram-0205.html#5
} >
} > You can basically fake a fingerprint biometric machine with a gummi
} > bear. If I remember correctly, the majority of fingerprint scanners
} > are vulnerable to this type of attack. One of the big things to look
} > for is one that samples SHAPES not POINTS, and remember the more the
} > merrier.
} >
} > As for other types of biometrics, I am not too sure, hopefully
} > somebody else can shed some light on those.
} >
} > - -mike
} >
} >
} > - -----Original Message-----
} > From: Felix Cuello [mailto:felix@qodiga.com]
} > Sent: Wednesday, November 06, 2002 1:27 PM
} > To: security-basics@security-focus.com
} > Subject: Biometric question
} >
} >
} >
} > Hello list!
} >
} > I will work in a project where physical security will be based on
} > biometrics, in fact only will be based on fingerprints biometric.
} >
} > How secure are fingerprints?, what biometric are more secure?
} > (voice,
} > eye, ??? what else).
} >
} >   I'm not a security expert :-)
} >
} > Thanks a lot,
} >
} > Felix
} > [my English is bad... please sorry :-)]
} >
} > - --
} > Felix Cuello
} > felix@qodiga.com
} >
} > Qodiga/its
} > Av.Santa Fe 882 P.13 Of. "E"
} > C.P. ABP1059C
} > Tel.: (54) 011 - 4312-1698
} > Buenos Aires - Argentina
} >
} > -----BEGIN PGP SIGNATURE-----
} > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
} >
} > iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy
} > DzeFhJhhlLBeyqWGS/NABATs
} > =kUtf
} > -----END PGP SIGNATURE-----
} >
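
Added example, not part of the original post: a small Python parser for the /proc/net/ip_conntrack listing mentioned in the message above. It reports ESTABLISHED TCP entries ordered by the remaining timeout the connection tracker still holds for them (the third field). The sample lines and addresses are constructed, and the field layout assumed is the 2.4-era ip_conntrack text format.

```python
import re
from collections import namedtuple

# Constructed sample in the assumed 2.4-era /proc/net/ip_conntrack layout
# (documentation/private address ranges, not values from the original post).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=198.51.100.7 sport=1045 dport=5101 src=198.51.100.7 dst=203.0.113.1 sport=5101 dport=1045 [ASSURED] use=1
tcp      6 350112 ESTABLISHED src=192.168.0.11 dst=198.51.100.20 sport=1190 dport=6667 src=198.51.100.20 dst=203.0.113.1 sport=6667 dport=1190 [ASSURED] use=1
tcp      6 57 TIME_WAIT src=192.168.0.10 dst=198.51.100.30 sport=1201 dport=80 src=198.51.100.30 dst=203.0.113.1 sport=80 dport=1201 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.0.12 dst=198.51.100.40 sport=40000 dport=22 [UNREPLIED] src=198.51.100.40 dst=203.0.113.1 sport=22 dport=40000 use=1
udp      17 25 src=192.168.0.10 dst=198.51.100.53 sport=1025 dport=53 src=198.51.100.53 dst=203.0.113.1 sport=53 dport=1025 use=1
"""

Flow = namedtuple("Flow", "state ttl src dst sport dport")
KV = re.compile(r"(src|dst|sport|dport)=(\S+)")


def parse_line(line):
    """Return a Flow for a TCP entry, or None for other protocols or garbage."""
    f = line.split()
    if len(f) < 4 or f[0] != "tcp" or not f[2].isdigit():
        return None
    # The first src/dst/sport/dport group is the original (pre-NAT) direction;
    # setdefault keeps it and ignores the reply tuple that follows.
    orig = {}
    for key, val in KV.findall(line):
        orig.setdefault(key, val)
    if len(orig) < 4 or not (orig["sport"].isdigit() and orig["dport"].isdigit()):
        return None
    return Flow(f[3], int(f[2]), orig["src"], orig["dst"],
                int(orig["sport"]), int(orig["dport"]))


def long_lived(text, min_ttl=3600):
    """ESTABLISHED flows the tracker will keep for at least min_ttl more seconds."""
    flows = filter(None, map(parse_line, text.splitlines()))
    hits = [fl for fl in flows if fl.state == "ESTABLISHED" and fl.ttl >= min_ttl]
    return sorted(hits, key=lambda fl: fl.ttl, reverse=True)


if __name__ == "__main__":
    # On the gateway: long_lived(open("/proc/net/ip_conntrack").read())
    for fl in long_lived(SAMPLE):
        print(f"{fl.ttl:>7}s  {fl.src}:{fl.sport} -> {fl.dst}:{fl.dport}")
```

On current systems the `conntrack` utility from conntrack-tools can list and delete individual tracked entries (`conntrack -L`, `conntrack -D`).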



