Vulnerability Development mailing list archives
Re: getcat.com -- IE CueCat Spy on you.
From: Oliver Friedrichs <ofriedrichs () SECURITYFOCUS COM>
Date: Fri, 8 Sep 2000 09:46:20 -0700
10:34:12.936364 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34035291 0,nop,wscale 0> (DF) 10:34:27.376342 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF) 10:34:27.376489 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack 35808594 win 0 (DF)
These are 2 completely different hosts communicating on your local network using NetBIOS. Notice the difference in IP addresses from your own host (209.81.164.3991). Tcpdump runs in promiscuous mode, and your seeing traffic for the whole local network. - Oliver
Current thread:
- getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 08)
- Re: getcat.com -- IE CueCat Spy on you. Doug Kahler (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 12)
- <Possible follow-ups>
- Re: getcat.com -- IE CueCat Spy on you. Oliver Friedrichs (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Doug Davis (Sep 12)