[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Re: Security : Port scanning

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: Re: [Sheflug] Re: Security : Port scanning
From: M <martin.sillence [at] xxxxxxxxxxxxxxxx>
Date: Thu, 8 May 2003 14:47:01 +0100
Cc: jlev [at] xxxxxxxxxxxx
Delivered-to: shef-lug [at] list.sheflug.org.uk
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

On Thu, 08 May 2003 13:17:45 +0100
Jonathan Le Vallois <jlev [at] fluent.co.uk> wrote:

> > Spoofing an adress for port scanning isn't likely to be of much
> > use as you can't see the results coming back or am I missing
> > something?
> > 
> 
> Here's one use (someone else's explanation):
> 
> First, the target host
> is choosen.  Next, a pattern of trust is discovered, along with a
> trusted host.  The trusted host is then disabled, and the target's TCP
> sequence numbers are sampled.  The trusted host is impersonated, the
> sequence numbers guessed, and a connection attempt is made to a
> service that only requires address-based authentication.  If
> successful, the attacker executes a simple command to leave a
> backdoor.

Here you look for a pattern of trust, you need to know that
ports are open (rsh or whatever) before you can spoof the fake
connection. The expoit can use spoofed addresses (that of the trusted
host) but the port scan can not. Sorry but I don't think this is an
example of port scanning from a spoofed address...

Not that anyone with a modern machine has any reason to have rsh enabled
or used, ssh is a much safer drop in replacement.

-- 
Regards,
M

Martin Sillence
PR Newswire

DL +44 (0)1865 78 5065
F  +44 (0)1865 78 5100
W  www.prnewswire.co.uk
---------------------------------------

"We tell your story to the world." 

NEWS TARGETING * REGULATORY & GLOBAL NEWS DISTRIBUTION * MULTIMEDIA *
NEWS MONITORING

Any views or opinions are solely those of the author and do not
necessarily represent those of PR Newswire Europe. The e-mail contents
are intended only for addressee and may contain confidential and/or
privileged material. If you are not the intended recipient, please do
not read, copy, use or disclose this communication
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- RE: [Sheflug] Re: Security : Port scanning
  - From: Morris, David (Allvac, UK)
- [Sheflug] Re: Security : Port scanning
  - From: Richard Ibbotson
- Re: [Sheflug] Re: Security : Port scanning
  - From: M
- Re: [Sheflug] Re: Security : Port scanning
  - From: Jonathan Le Vallois

Prev by Date: Re: [Sheflug] Re: Security : Port scanning
Next by Date: Re: [Sheflug] Re: Security : Port scanning
Previous by thread: Re: [Sheflug] Re: Security : Port scanning
Next by thread: RE: [Sheflug] Re: Security : Port scanning
Index(es):
- Date
- Thread