Full Disclosure mailing list archives
RE: ICF scan
From: "Mortis" <m0rtis () adelphia net>
Date: Tue, 29 Jul 2003 12:13:51 -0400
non,
This might not be the right place for it
Security basics [@1] would have been a better choice. This list is noisy enough that you should only post if it has to do with security risks, roasting moronings and wieners, to complain about how your OS is designed, or if you got a cool piece of spam we all need to see. Oh, yeah, and to post the 30th confirmation that your particular version of the browser also dies when you press control-c. But since you did post it here, I suppose you may as well get an answer:
I was playing around with my XP box and scanned myself with the ICF in place and without. ... But why there are more open ports with ICF than without?
Your machine has more than one ethernet interface, the external one(s) you plug into the net and an internal loopback device. The loopback device is software only. It is typically called localhost and has the address 127.0.0.1. A datagram sent by a higher level protocol to this address should loop back inside the host [@2]. Sometimes programs use sockets to perform inter-process communication. A service may be intended for local use only. These programs will open sockets only on the loopback device; no one on the outside can see them without 0wning you first. When you scanned yourself from the same machine, you scanned localhost. You are seeing _local_ ports that ICF opened. Try scanning it from another host to see what it looks like on the external interface. [ObFullDisclosure] Open your Apple II floppy case and put a piece of paper in it. Mark this paper with the spiral that the heads go through on a full disk scan. You can use this to monitor the boot up sequence of all the k00l protected Borland games and crack them [so as you can make a backup copy]. Hint: watch for half tracks. You can also cut open your floppies, slip out the disc, and use a hole punch to turn them into double sided disks. Just mimic the holes on the other side and put them back together. Those lairs at 3M tell you that the single sided disks aren't coated properly on both sides. NO NOTICE FOR 0DAY!! YEAH!!!!! [@1] http://www.securityfocus.com/archive [@2] http://www.faqs.org/rfcs/rfc3330.html -- Gratefully dead, m0rtis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ICF scan isa vaul (Jul 29)
- RE: ICF scan Mortis (Jul 29)