Vulnerability Development mailing list archives

Re: getcat.com -- IE CueCat Spy on you.

From: Oliver Friedrichs <ofriedrichs () SECURITYFOCUS COM>
Date: Fri, 8 Sep 2000 09:46:20 -0700

10:34:12.936364 > 209.81.164.237.3991 > 216.34.143.198.www: S
[ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss
1484,sackOK,timestamp 34035291 0,nop,wscale
0> (DF)
10:34:27.376342 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S
35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
10:34:27.376489 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R
0:0(0) ack 35808594 win 0 (DF)


These are 2 completely different hosts communicating on your local network
using NetBIOS.  Notice the difference in IP addresses from your own host
(209.81.164.3991).  Tcpdump runs in promiscuous mode, and your seeing
traffic for the whole local network.

- Oliver

Current thread:

getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 08)
- Re: getcat.com -- IE CueCat Spy on you. Doug Kahler (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 12)
- <Possible follow-ups>
- Re: getcat.com -- IE CueCat Spy on you. Oliver Friedrichs (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Doug Davis (Sep 12)