Vulnerability Development mailing list archives
Re: getcat.com -- IE CueCat Spy on you.
From: Doug Kahler <dougak () TAMPABAY RR COM>
Date: Fri, 8 Sep 2000 13:17:33 -0400
Well knowing that the company that developed CueCat probably wants to collect info about users. I would imagine they tried to connect to netbios to grab your MAC address. They are prob trying to associate your info with your MAC address. Since MAC addresses are supposed to be unique they could be used in the same way as the PIII Serial Number. So even if you delete your cookies they'll still be able to track you though your MAC address. That's why for you or anyone else who is reading this and has netbios open to the internet, you had better close it. ----- Original Message ----- From: "Richard Rager" <kb8rln () PENGUINMASTER COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Friday, September 08, 2000 10:49 AM Subject: getcat.com -- IE CueCat Spy on you.
Ok I was having problem goto to www.CueCat.com so I looked with tcpdump to see what was going on. The CueCat site was tring to connect to my computer netbios port. Here is the proof. 10:33:51.938023 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34033191 0,nop,wscale 0> (DF) 10:33:54.936372 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34033491 0,nop,wscale 0> (DF) 10:34:00.936370 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34034091 0,nop,wscale 0> (DF) 10:34:12.936364 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34035291 0,nop,wscale 0> (DF) 10:34:27.376342 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF) 10:34:27.376489 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack 35808594 win 0 (DF) 10:34:28.146342 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF) 10:34:28.146397 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack 1 win 0 (DF) 10:34:29.006332 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF) 10:34:29.006387 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack We need to stop this type of abuse. Enjoy, Richard
Current thread:
- getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 08)
- Re: getcat.com -- IE CueCat Spy on you. Doug Kahler (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 12)
- <Possible follow-ups>
- Re: getcat.com -- IE CueCat Spy on you. Oliver Friedrichs (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Doug Davis (Sep 12)