Security Basics mailing list archives

Re: Yahoo Messenger Stale Sessions


From: Rudolfo Amnesico <tech () sapo pt>
Date: Tue, 12 Nov 2002 19:17:11 +0000 (WET)

hello all,

I'm running a small Windows LAN with a Linux box as a
gateway connected to my ISP. This box is using IPTABLES as
a firewall and, most important, as a NAT translator
(masquerading, putting it simply) so that only one IP is
public and all traffic must cross the gateway.

I also register those zombie sessions here. Not only for 
yahoo messenger but for other things such as irc (tcp/6666 
or 6667). Those tcp ESTABLISHED connections remain for 24h 
or more (# cat /proc/net/ip_conntrack).

Connections I've registered that would last a long time:
- websites such as *.ad-doubleclick.com
- irc tcp/6666
- nmap scans (-sS scans?)

comments.
1. it's true. I also have the feeling that this can be 
exploitable. After all, there is already a connection 
established and the host trusts it. ip spoofing/DoS 
vulnerability?
Does anyone have ideas/experiences/tools?

2. is there any way to kill these sessions as we can do 
with processes? I mean a command like # kill <tcp session>.

Regards to yall.


Quoting Leonard.Ong () nokia com:

} Hello All,
}
} During my observation in daily use of Yahoo Messenger, my computer
} has "stale/zombie" sessions. For example, if I have received/message
} a friend, yahoo will normally make a direct connection from my PC to
} my friend. From Netstat result, you can see a high port on my
} computer is having an Established session with my peer's:5101 port.
}
} The issue is, after a contact has gone offline (dial-up), the state
} established in the netstat will remain until the next day. I would
} see this as a vulnerability, since an arbitrary user can assume the
} IP Address was used (dial-up->dynamic ip assignment), and use this
} established session to assume it.
}
} Any idea ?
}
}
} Regards,
} Leonard Ong
} Network Security Specialist, APAC
} NOKIA
}
} Email.  Leonard.Ong () nokia com
} Mobile. +65 9431 6184
} Phone.  +65 6723 1724
} Fax.    +65 6723 1596
}
}
}
} -----Original Message-----
} From: ext Joey [mailto:josefhuggins () hotmail com]
} Sent: Saturday, November 09, 2002 9:32 PM
} To: Security Basics
} Subject: Re: Biometric question
}
}
} To clarify: retinal scanning is about as effective as fingerprints.
} Retinal scanning uses a laser light, often in the green part of the
} spectrum to scan the blood vessels of the internal eye. Both methods
} scan around 90 metric points. They can easily read false depending on
} whether or not the biological sample (in this case eyeball or finger)
} is placed exactly in the same position as it was when it was
} initially scanned. There is, of course, with most software a
} threshold setting which will allow readings to require either a very
} precise ( a finger must be placed in exactly the same spot every time
} on a reader ) or very minimal ( a finger can be placed anywhere near
} the center of the reader, but the accuracy drops proportionately )
} setting. The best way to go from everything I've seen and read is
} with iris scans. Whereas fingerprint and retina scans read around 90
} metric points, an iris scan reads about 250. Iris scans are
} non-invasive whereas retina scans require a laser light or other
} strong light source directed through the cornea in order to read the
} vessel pattern in the back of the eye. While it's a lot more
} expensive, if security, and not money is your concern, I think iris
} scanners are the way to go. If you can't "hack" it and you have to
} settle w/fingerprint or retinal scanners, I would go for the
} fingerprint scanner.
}
} -J
}
} ----- Original Message -----
} From: Naveed Ahmed <naveed.ahmed () vinciti com>
} To: <msconzo () tamu edu>; <security-basics () security-focus com>
} Sent: Thursday, November 07, 2002 11:05 AM
} Subject: RE: Biometric question
}
}
} > Michael is right.
} > the better ones are ( at least relatively more difficult to fake)
} > retina scans and voice recognition.
} > don't go by what tom cruise does in 'minority report' with the eye
} > balls.!!!
} > rgds
} > -Naveed
} >
} > -----Original Message-----
} > From: Michael Sconzo [mailto:msconzo () tamu edu]
} > Sent: Thursday, November 07, 2002 10:43 PM
} > To: security-basics () security-focus com
} > Subject: RE: Biometric question
} >
} >
} > -----BEGIN PGP SIGNED MESSAGE-----
} > Hash: SHA1
} >
} > One of the more memorable things that I have read about fingerprint
} > scanners is:
} > http://www.counterpane.com/crypto-gram-0205.html#5
} >
} > You can basically fake a fingerprint biometric machine with a gummi
} > bear.  If I remember correctly, the majority of fingerprint scanners
} > are vulnerable to this type of attack. One of the big things to look
} > for is one that samples SHAPES not POINTS, and remember the more the
} > merrier.
} >
} > As for other types of biometrics, I am not too sure, hopefully
} > somebody else can shed some light on those.
} >
} > - -mike
} >
} >
} > - -----Original Message-----
} > From: Felix Cuello [mailto:felix () qodiga com]
} > Sent: Wednesday, November 06, 2002 1:27 PM
} > To: security-basics () security-focus com
} > Subject: Biometric question
} >
} >
} >
} > Hello list!
} >
} >    I will work in a project where physical security will be based on
} >    biometrics, in fact only will be based on fingerprints biometric.
} >
} >    How secure are fingerprints?, what biometric are more secure?
} >    (voice, eye, ??? what else).
} >
} >    I'm not a security expert :-)
} >
} >    Thanks a lot,
} >    Felix
} >    [my English is bad... please sorry :-)]
} >
} > - --
} > Felix Cuello
} > felix () qodiga com
} >
} > Qodiga/its
} > Av.Santa Fe 882 P.13 Of. "E"
} > C.P. ABP1059C
} > Tel.: (54) 011 - 4312-1698
} > Buenos Aires - Argentina
} >
} > -----BEGIN PGP SIGNATURE-----
} > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
} >
} > iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy
} > DzeFhJhhlLBeyqWGS/NABATs
} > =kUtf
} > -----END PGP SIGNATURE-----
} >
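
The long-lived ESTABLISHED entries described in the message above can be picked out of `/proc/net/ip_conntrack` by their remaining timeout. This is an added example, not part of the original post; it assumes the kernel's default 5-day timeout for ESTABLISHED TCP entries, and the sample table and function names are constructed for illustration.

```python
import re

# Kernel default lifetime of an ESTABLISHED TCP entry (5 days). Assumed to be
# unchanged on the gateway; the timer is reset to this value by every packet.
ESTABLISHED_TIMEOUT = 432000

# Constructed sample in /proc/net/ip_conntrack layout; all addresses are made up.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.0.10 dst=198.51.100.7 sport=1045 dport=6667 src=198.51.100.7 dst=203.0.113.2 sport=6667 dport=1045 [ASSURED] use=1
tcp      6 345600 ESTABLISHED src=192.168.0.11 dst=198.51.100.20 sport=1102 dport=5101 src=198.51.100.20 dst=203.0.113.2 sport=5101 dport=1102 [ASSURED] use=1
tcp      6 87 TIME_WAIT src=192.168.0.10 dst=198.51.100.80 sport=1050 dport=80 src=198.51.100.80 dst=203.0.113.2 sport=80 dport=1050 [ASSURED] use=1
udp      17 25 src=192.168.0.10 dst=198.51.100.53 sport=1029 dport=53 src=198.51.100.53 dst=203.0.113.2 sport=53 dport=1029 use=1
"""

ENTRY = re.compile(r"^tcp\s+6\s+(\d+)\s+ESTABLISHED\s+(.*)$")


def parse_established(line):
    """Return the original-direction tuple of an ESTABLISHED TCP entry, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"remaining": int(m.group(1))}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        # Each key appears twice (original and reply direction); keep the first.
        if sep and key in ("src", "dst", "sport", "dport") and key not in entry:
            entry[key] = value
    if not all(k in entry for k in ("src", "dst", "sport", "dport")):
        return None  # truncated or unexpected line
    # Seconds since the last packet: the countdown restarts on every packet.
    entry["idle"] = max(0, ESTABLISHED_TIMEOUT - entry["remaining"])
    return entry


def stale_entries(table, min_idle=3600):
    """ESTABLISHED entries with no traffic for at least min_idle seconds."""
    parsed = (parse_established(line) for line in table.splitlines())
    stale = [e for e in parsed if e and e["idle"] >= min_idle]
    return sorted(stale, key=lambda e: e["idle"], reverse=True)


if __name__ == "__main__":
    for e in stale_entries(SAMPLE):
        print(f'{e["src"]}:{e["sport"]} -> {e["dst"]}:{e["dport"]} '
              f'idle {e["idle"] // 3600}h, expires in {e["remaining"] // 3600}h')
```

On current kernels the same table is listed with `conntrack -L` from conntrack-tools, and a single entry can be removed with `conntrack -D`. The lifetime of idle ESTABLISHED entries is set by the `net.netfilter.nf_conntrack_tcp_timeout_established` sysctl.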

