Full Disclosure mailing list archives
Re: UnAnonymizer
From: Cardoso <cardosolistas () contraditorium com>
Date: Tue, 27 Jun 2006 05:54:15 -0300
If the app uses an unknow DNS server, I think it's enough of a risk to worry about. On Tue, 27 Jun 2006 08:49:13 +0000 (GMT) Brate Sanders <brate_sanders () yahoo co uk> wrote: BS> BS> Is there a security issue hidden somewhere in there or is it just a bug report sent to the wrong mailing list address? :-) BS> BS> BS> ----- Original Message ---- BS> From: Peter Besenbruch <prb () lava net> BS> Cc: full-disclosure () lists grok org uk BS> Sent: Tuesday, 27 June, 2006 1:42:33 PM BS> Subject: Re: [Full-disclosure] UnAnonymizer BS> BS> H D Moore wrote: BS> > A fun browser toy that depends on Java for complete results: BS> > - http://metasploit.com/research/misc/decloak/ BS> BS> Fun indeed: BS> BS> Field Data Dependency BS> External Address: 24.199.198.152 None BS> Internal Host: unknown Java BS> Internal Address: unknown Java BS> DNS Server (API): unknown Java BS> DNS Server (HTTP): 24.199.198.158 None BS> External NAT: unknown Java BS> BS> The "External Address" listed belongs to a TOR server hosted on BS> RoadRunner. The DNS server is also part of that system. I'm assuming the BS> "Internal Host" should have been mine? The "Internal Address" mine, BS> also? The "DNS Server (API)" my ISP's? Something isn't working. BS> BS> Here's another page that tries something similar with Java: BS> http://gemal.dk/browserspy/ipjava.html BS> BS> I get similar results to the above. Yes, Java is installed (version 1.5). BS> BS> -- BS> Hawaiian Astronomical Society: http://www.hawastsoc.org BS> HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky BS> BS> _______________________________________________ BS> Full-Disclosure - We believe in it. BS> Charter: http://lists.grok.org.uk/full-disclosure-charter.html BS> Hosted and sponsored by Secunia - http://secunia.com/ BS> BS> BS> BS> BS> year(now) + 1 serĂ¡ o ano do linux! Cardoso <cardoso () pobox com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299 vida digital: http://www.contraditorium.com site pessoal e blog: http://www.carloscardoso.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- UnAnonymizer H D Moore (Jun 26)
- Re: UnAnonymizer Peter Besenbruch (Jun 27)
- Re: UnAnonymizer Brate Sanders (Jun 27)
- Re: UnAnonymizer Cardoso (Jun 27)
- Re: UnAnonymizer Peter Besenbruch (Jun 27)
- Re: UnAnonymizer Brate Sanders (Jun 27)
- Re: UnAnonymizer Peter Besenbruch (Jun 27)
- Re: UnAnonymizer pdp (architect) (Jun 27)
- Re: UnAnonymizer Tonnerre Lombard (Jun 27)
- Re: UnAnonymizer pdp (architect) (Jun 28)
- Re: UnAnonymizer Tonnerre Lombard (Jun 27)
- Re: UnAnonymizer H D Moore (Jun 27)
- Re: UnAnonymizer Michael Holstein (Jun 27)
- Re: UnAnonymizer Peter Besenbruch (Jun 27)
- Re: UnAnonymizer Peter Besenbruch (Jun 27)
- Re: UnAnonymizer RaMatkal (Jun 29)
- Re: UnAnonymizer Michael Holstein (Jun 27)