Vulnerability Development mailing list archives
actions to jump2.eudora.com
From: Peter Batenburg <petertje () DEEJAYS NL>
Date: Sun, 27 Aug 2000 21:46:48 +0200
Hello, after the last message, I fiddled with tcpdump.. and got the following:

[root@host /]% tcpdump -vvv -s 150 -x -X dst host jump2.eudora.com
tcpdump: listening on fxp0
21:26:14.591942 xxxxxxxxxxx.1299 > jump2.eudora.com.http: S 19009316:19009316(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 20808)
0x0000   4500 0030 5148 4000 8006 edbb 0a00 0001        E..0QH@.........
0x0010   d0b8 e10a 0513 0050 0122 0f24 0000 0000        .......P.".$....
0x0020   7002 2000 91b2 0000 0204 05b4 0101 0402        p...............
21:26:14.801079 xxxxxxxxxxxx.1299 > jump2.eudora.com.http: . 19009317:19009317(0) ack 1773137951 win 9520 (DF) (ttl 128, id 21064)
0x0000   4500 0028 5248 4000 8006 ecc3 0a00 0001        E..(RH@.........
0x0010   d0b8 e10a 0513 0050 0122 0f25 69af f01f        .......P.".%i...
0x0020   5010 2530 5f67 0000 0000 0000 0000             P.%0_g........
21:26:14.801591 xxxxxxxxxxxx.1299 > jump2.eudora.com.http: P 0:207(207) ack 1 win 9520 (DF) (ttl 128, id 21320)
0x0000   4500 00f7 5348 4000 8006 eaf4 0a00 0001        E...SH@.........
0x0010   d0b8 e10a 0513 0050 0122 0f25 69af f01f        .......P.".%i...
0x0020   5018 2530 7d37 0000 4745 5420 2f6a 756d        P.%0}7..GET./jum
0x0030   702e 6367 693f 6163 7469 6f6e 3d75 7064        p.cgi?action=upd
0x0040   6174 6526 706c 6174 666f 726d 3d57 696e        ate&platform=Win
0x0050   646f 7773 2532 3039 3825 3230 762e 2532        dows%2098%20v.%2
0x0060   3034 2e31 302e 3232 3232 2670 726f 6475        04.10.2222&produ
0x0070   6374 3d45 7564 6f72 6126 7665 7273 696f        ct=Eudora&versio
0x0080   6e3d 342e 332e 322e                            n=4.3.2.

I think this is surely interesting.. eudora sending info without my approving.. haven't we seen the same thing with serv-u?

at least my firewall has some new entries now..;)

# Deny all TCP traffic to and from jump2.eudora.com (eudora backdoor)
${fwcmd} add deny tcp from any to 208.184.225.10
${fwcmd} add deny tcp from 208.184.225.10 to any

Greetings
Peter Batenburg

Regards
Petertje
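An added example, not part of the original post: a short Python parser that takes the hex words of the third packet shown above, walks the IPv4 and TCP headers, and lists the query parameters the client sent. The function names `parse_packet` and `disclosed_fields` are made up for this illustration; the bytes are copied from the post and stop where the post's dump stops.

```python
import socket
import struct
from urllib.parse import urlsplit, parse_qsl

# Hex words of the third packet in the post, exactly as far as the post shows
# them (the dump ends partway through the request line).
CAPTURED_HEX = """
4500 00f7 5348 4000 8006 eaf4 0a00 0001
d0b8 e10a 0513 0050 0122 0f25 69af f01f
5018 2530 7d37 0000 4745 5420 2f6a 756d
702e 6367 693f 6163 7469 6f6e 3d75 7064
6174 6526 706c 6174 666f 726d 3d57 696e
646f 7773 2532 3039 3825 3230 762e 2532
3034 2e31 302e 3232 3232 2670 726f 6475
6374 3d45 7564 6f72 6126 7665 7273 696f
6e3d 342e 332e 322e
"""

def parse_packet(hex_dump):
    """Split a raw IPv4/TCP packet (hex text) into addressing info and payload."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    if raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ip_hlen = (raw[0] & 0x0F) * 4                 # IHL is in 32-bit words
    total_len = struct.unpack("!H", raw[2:4])[0]  # length on the wire
    sport, dport = struct.unpack("!HH", raw[ip_hlen:ip_hlen + 4])
    tcp_hlen = (raw[ip_hlen + 12] >> 4) * 4       # TCP data offset
    return {
        "src": socket.inet_ntoa(raw[12:16]), "sport": sport,
        "dst": socket.inet_ntoa(raw[16:20]), "dport": dport,
        "wire_payload_len": total_len - ip_hlen - tcp_hlen,
        "truncated": len(raw) < total_len,        # capture shorter than packet
        "payload": raw[ip_hlen + tcp_hlen:],
    }

def disclosed_fields(payload):
    """Return (method, path, {param: value}) from an HTTP request line."""
    request_line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    method, target = request_line.split(" ")[:2]
    url = urlsplit(target)
    return method, url.path, dict(parse_qsl(url.query, keep_blank_values=True))

if __name__ == "__main__":
    pkt = parse_packet(CAPTURED_HEX)
    method, path, fields = disclosed_fields(pkt["payload"])
    print(f'{pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]} {method} {path}')
    for name, value in fields.items():
        print(f"  {name} = {value!r}")
    if pkt["truncated"]:
        print("  (capture is shorter than the packet; last value may be incomplete)")
```

The `truncated` flag matters here: the IP header announces 247 bytes but only 136 are shown, so the final `version` value cannot be assumed complete.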