"Stanislav Malyshev a.k.a Frodo" wrote:
>
> AO>> But if icq.com(example) got my packet and know my "secret" intranet
> AO>> addresses
>
> Oh, yeah, those defined in top-secret RFC1918? 10.1.1.1? 10.10.1.1?
> 192.168.1.1? 172.16.1.1? Am I l33t haxx0r already?
> Guess how many pings it is going to take me to know each
> internet-accessible address on your network after knowing one by looking
> up your mailserver?
The thing is, through ICQ I can know the following:
1. the computer on 192.168.1.78(example) is up
2. It can receive connections to the ICQ port
3. the NAT gateway/fw allows "related" packets to pass from icq to
192.168.1.78
4. icq packets are classified as "related".
Now any man-in-the-middle attack becomes very easy.
You spoof your address (using known flaws in DNS)
and easily get into the inner network.
--
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]
--
It's always darkest just before it goes pitch black.
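The exchange above turns on one observable: an application payload that carries an RFC1918 address in plaintext tells the far end which internal host is speaking. A defender can check for exactly that at the egress point. The following is an added example, not code from either poster; it assumes constructed sample payloads (no real ICQ protocol framing) and flags only the three RFC1918 ranges, deliberately avoiding Python's broader `is_private` test, which also matches documentation ranges such as 203.0.113.0/24.

```python
import ipaddress
import re

# RFC1918 private address space, matched explicitly rather than via
# IPv4Address.is_private (which also covers 203.0.113.0/24 and others).
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample payloads (hypothetical, not real ICQ traffic):
# "leaky" embeds an internal address, "clean" embeds only a public one.
SAMPLE_PAYLOADS = {
    "leaky": b"ICQ-LOGIN user=alice ip=192.168.1.78 port=4000",
    "clean": b"ICQ-LOGIN user=bob ip=203.0.113.5 port=4000",
    "mixed": b"PEERS 10.1.1.1,172.16.1.1,172.32.0.1,999.1.1.1",
}

# Loose dotted-quad matcher; candidates are validated with ipaddress below.
_DOTTED_QUAD = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_rfc1918(addr: ipaddress.IPv4Address) -> bool:
    """True if addr falls inside 10/8, 172.16/12 or 192.168/16."""
    return any(addr in net for net in RFC1918_NETWORKS)


def find_private_addresses(payload: bytes) -> list:
    """Return RFC1918 IPv4 addresses found in plaintext in an outbound payload.

    Order of first appearance is preserved and duplicates are dropped.
    """
    found = []
    for candidate in _DOTTED_QUAD.findall(payload):
        try:
            addr = ipaddress.IPv4Address(candidate.decode("ascii"))
        except ValueError:
            # e.g. 999.1.1.1 matches the regex but is not a valid address
            continue
        if is_rfc1918(addr) and str(addr) not in found:
            found.append(str(addr))
    return found


def classify_payloads(payloads: dict) -> dict:
    """Map each payload name to the list of internal addresses it would leak."""
    return {name: find_private_addresses(data) for name, data in payloads.items()}


if __name__ == "__main__":
    for name, leaked in classify_payloads(SAMPLE_PAYLOADS).items():
        status = "LEAKS " + ", ".join(leaked) if leaked else "ok"
        print(f"{name}: {status}")
```

Run as-is it reports the "leaky" and "mixed" payloads; in practice the same function would sit behind a packet capture or proxy hook on the NAT gateway, so that any outbound session carrying an intranet address is logged before the far end learns it.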