Full Disclosure mailing list archives
Re: Reverse http traffic
From: "Lan Guy" <rlanguy () hotmail com>
Date: Tue, 30 Dec 2003 10:48:03 +0200
Did you check the proxy settings?

----- Original Message -----
From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, December 30, 2003 12:23 AM
Subject: [Full-disclosure] Reverse http traffic

Hello,

I had a case recently wherein one of a client's systems (Win2k) could not access http, or mail traffic. At the same time, 2 other systems (Win95 and Xandros) could, and yet he could access all of the other network shares via TCP.

He brought it to my shop, it was patched up, already had the latest anti-virus defs, and it got on the 'net fine here. He returned with it and set it up - and could not get any http or email.

I went to his office to see what was up, hooked in my little 'kneetop' (Sony Picturebook) and browsed just fine. I then installed a Linux firewall on a spare computer, replaced the Linksys router with it and instantly his Win2k was able to browse and get email.

I checked the firewall logs and saw quite a few attempts from a Google IP address (whois-ed, but I'm not ignoring that it was possibly spoofed) that was sending IN traffic with a source port of 80 and a destination port in the temporary range (33xx) - eh???

I can speculate (otherwise known as 'assume' :) that this site was trying to spoof my client's system into accepting some traffic by using a reverse-flow, but...

Can anyone tell me what actually could cause this?

--
Thank you,
Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Reverse http traffic Daniel H. Renner (Dec 29)
- Re: Reverse http traffic Lan Guy (Dec 30)
- Re: Reverse http traffic Ron DuFresne (Dec 30)
- Re: Reverse http traffic Daniel H. Renner (Dec 30)
- <Possible follow-ups>
- RE: Reverse http traffic Daniel H. Renner (Dec 30)
- Re: Reverse http traffic Daniel H. Renner (Dec 30)