Security Incidents mailing list archives
RE: Yahoo Messenger Stale Sessions
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 13 Nov 2002 09:35:11 -0800
Not so arbitrary. He needs to not only spoof the IP address your friend had, but also get the other port number and the TCP sequence number right. Which might not be much challenge *IF* he was able to sniff your original conversation. (If he's spoofing rather than assuming the address, he'll need to sniff your machine's responses....) That much probably limits it to people within either your, or your friend's, network provider.

Then there's the question of what to do with this connection. Is there a vulnerability in Yahoo Messenger that could be exploited from there? (If so, should you be using it at all?)

David Gillett
-----Original Message-----
From: Leonard.Ong () nokia com [mailto:Leonard.Ong () nokia com]
Sent: Tuesday, November 12, 2002 5:39 PM
To: incidents () securityfocus com
Subject: RE: Yahoo Messenger Stale Sessions

Hello All,

During my observation in daily use of Yahoo Messenger, my computer has "stale/zombie" sessions. For example, if I have received/messaged a friend, Yahoo will normally make a direct connection from my PC to my friend. From the netstat result, you can see a high port on my computer has an Established session with my peer's :5101 port.

The issue is, after a contact has gone offline (dial-up), the Established state in netstat will remain until the next day. I would see this as a vulnerability, since an arbitrary user can assume the IP address that was used (dial-up -> dynamic IP assignment), and use this established session to assume it.

Any idea?

Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA
Email. Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone. +65 6723 1724
Fax. +65 6723 1596
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
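Added example, not part of the thread or of Yahoo Messenger: a small model of the checks a TCP endpoint applies before it accepts a segment on an ESTABLISHED connection (the 4-tuple lookup and the RFC 793 sequence-number acceptability test), used to show why re-acquiring the friend's old dynamic IP is not enough on its own. All addresses, ports, sequence numbers and the window size are constructed; checksum, ACK and RST handling are left out, and the local high port is assumed to be the unknown the newcomer has to guess, since the peer side is the fixed Yahoo port 5101 seen in netstat.

```python
"""Added example (not from the thread): RFC 793-style acceptance checks on a
stale ESTABLISHED TCP connection. All values below are constructed."""
import math
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap modulo 2^32


@dataclass(frozen=True)
class Connection:
    local_ip: str
    local_port: int   # the "high port" netstat shows on our side
    remote_ip: str
    remote_port: int  # the peer's 5101 in the netstat output
    rcv_nxt: int      # next sequence number we expect from the peer
    rcv_wnd: int      # bytes we are currently willing to accept


@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int
    length: int       # payload bytes (SYN/FIN would count as 1 each)


def _in_window(conn: Connection, seq: int) -> bool:
    # Circular comparison: distance from rcv_nxt must be less than rcv_wnd.
    return (seq - conn.rcv_nxt) % SEQ_MOD < conn.rcv_wnd


def accept(conn: Connection, seg: Segment) -> tuple:
    """Return (accepted, reason) for a segment arriving at conn's host."""
    # 1. Demultiplexing: the 4-tuple must match the existing connection.
    if (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port) != (
        conn.remote_ip, conn.remote_port, conn.local_ip, conn.local_port
    ):
        return False, "no connection matches this 4-tuple"
    # 2. RFC 793 acceptability test on the sequence number.
    if seg.length == 0:
        if conn.rcv_wnd == 0:
            ok = seg.seq == conn.rcv_nxt
        else:
            ok = _in_window(conn, seg.seq)
    elif conn.rcv_wnd == 0:
        ok = False  # data is never acceptable on a closed window
    else:
        last = (seg.seq + seg.length - 1) % SEQ_MOD
        ok = _in_window(conn, seg.seq) or _in_window(conn, last)
    if ok:
        return True, "accepted"
    return False, "sequence number outside receive window"


def blind_search_space(rcv_wnd: int, ports: int = 65535) -> int:
    """Upper bound on probes a non-sniffing attacker needs to hit both the
    unknown local port and an in-window sequence number (one probe per port
    per window-sized slice of the sequence space)."""
    return ports * math.ceil(SEQ_MOD / rcv_wnd)


# Constructed state for the stale session described in the thread: our high
# port is 3201, the now-offline friend's side was 198.51.100.77:5101.
STALE = Connection("192.0.2.10", 3201, "198.51.100.77", 5101,
                   rcv_nxt=0x1A2B3C4D, rcv_wnd=16384)


def demo() -> dict:
    """Run the three attacker positions David Gillett distinguishes."""
    results = {}
    # (a) Newcomer who merely received the friend's old dynamic IP: knows
    #     port 5101 but not our ephemeral port, so guesses one.
    results["ip_only"] = accept(STALE, Segment(
        "198.51.100.77", 5101, "192.0.2.10", 4000, seq=0x70000000, length=10))
    # (b) Correct 4-tuple but a random sequence number.
    results["right_tuple_random_seq"] = accept(STALE, Segment(
        "198.51.100.77", 5101, "192.0.2.10", 3201, seq=0x70000000, length=10))
    # (c) Attacker who sniffed the original exchange and continues the stream.
    results["sniffed"] = accept(STALE, Segment(
        "198.51.100.77", 5101, "192.0.2.10", 3201, seq=0x1A2B3C4D, length=10))
    results["blind_attempts_bound"] = blind_search_space(STALE.rcv_wnd)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only case (c) is accepted; (a) never reaches the sequence check because no socket matches the guessed port, and (b) is dropped by the window test. The search bound makes the point quantitatively: with a 16 KiB window a blind attacker faces on the order of 1.7e10 probes, whereas someone who captured the original packets on either provider's network already holds every value the checks require.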
Current thread:
- RE: Yahoo Messenger Stale Sessions Leonard.Ong (Nov 13)
- RE: Yahoo Messenger Stale Sessions David Gillett (Nov 13)
- RE: Yahoo Messenger Stale Sessions John Fitzgerald (Nov 14)
- <Possible follow-ups>
- Re: Yahoo Messenger Stale Sessions BANIER Jeremie (Nov 14)
- RE: Yahoo Messenger Stale Sessions David Gillett (Nov 13)