Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: ICF scan

From: "Mortis" <m0rtis () adelphia net>
Date: Tue, 29 Jul 2003 12:13:51 -0400
non,


This might not be the right place for it


Security basics [@1] would have been a better choice.  This
list is noisy enough that you should only post if it has to
do with security risks, roasting moronings and wieners, to
complain about how your OS is designed, or if you got a cool
piece of spam we all need to see.  Oh, yeah, and to post the
30th confirmation that your particular version of the
browser also dies when you press control-c.  But since you
did post it here, I suppose you may as well get an answer:


I was playing around with my XP box and scanned
myself with the ICF in place and without. ...
But why there are more open ports with ICF than
without?


Your machine has more than one ethernet interface, the
external one(s) you plug into the net and an internal
loopback device.  The loopback device is software only.  It
is typically called localhost and has the address 127.0.0.1.
A datagram sent by a higher level protocol to this address
should loop back inside the host [@2].

Sometimes programs use sockets to perform inter-process
communication.  A service may be intended for local use
only.  These programs will open sockets only on the loopback
device; no one on the outside can see them without 0wning
you first.

When you scanned yourself from the same machine, you scanned
localhost.  You are seeing _local_ ports that ICF opened.

Try scanning it from another host to see what it looks like
on the external interface.

[ObFullDisclosure]

Open your Apple II floppy case and put a piece of paper in
it.  Mark this paper with the spiral that the heads go
through on a full disk scan.  You can use this to monitor
the boot up sequence of all the k00l protected Borland games
and crack them [so as you can make a backup copy].  Hint:
watch for half tracks.

You can also cut open your floppies, slip out the disc, and
use a hole punch to turn them into double sided disks.  Just
mimic the holes on the other side and put them back
together.  Those lairs at 3M tell you that the single sided
disks aren't coated properly on both sides.

NO NOTICE FOR 0DAY!!  YEAH!!!!!

[@1] http://www.securityfocus.com/archive
[@2] http://www.faqs.org/rfcs/rfc3330.html
--
Gratefully dead,
m0rtis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: