Bugtraq mailing list archives
Re: Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 14 Jun 2002 09:11:24 +0200
Jim Paris wrote:
Have you actually tried this?
I believe the question is: have _you_ actually tried this?
On all versions I've tried and from what I've read elsewhere on the Net, MSIE doesn't work at all with gopher ports other than 70.
It works just fine. That is: the _first_ connection works just fine. What _doesn't_ work is clicking around inside a gopher site on a non- standard port, since after the first connection, MSIE promptly forgets about the port number we gave it in the original URL, and connects to port 70. However, all an attacker needs is that first connection. :/ -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
Current thread:
- Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 Mikael Olsson (Jun 13)
- Message not available
- Re: Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 Mikael Olsson (Jun 14)
- Message not available