Security Incidents mailing list archives

Re: Strange port 23 traffic

From: "Greg A. Woods" <woods () weird com>
Date: Mon, 19 Mar 2001 12:22:22 -0500

[ On Monday, March 19, 2001 at 09:36:38 (-0500), Bill Royds wrote: ]

Subject: Re: Strange port 23 traffic

This is Conducent spyware posting user information to select its advertising.
It uses POST to describe the adware you are running and the particular user ID
of the machine. It then retrieves the ad that will be shown to the user.
   Conducent collects the demographics of its users to tailor the advertising to
user interest.


And they're running it over port 23!  how clever but stupid of them!

No corporate firewall I touch has ever passed port 23 again, and I
started that practice a number of years ago.  Of course my goal has been
to stop stupid users from sending passwords in the clear.....

Of course if they're willing to stoop to such tricks (but still use an
obvious and visible protocol like HTTP) then they'll not be easily
stopped....

--
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>

Current thread:

Strange port 23 traffic Costas Karafasoulis (Mar 18)
- Re: Strange port 23 traffic Ray Simard (Mar 19)
- <Possible follow-ups>
- Re: Strange port 23 traffic Bill Royds (Mar 19)
  - Re: Strange port 23 traffic Greg A. Woods (Mar 19)