Security Incidents mailing list archives
Re: Strange port 23 traffic
From: "Greg A. Woods" <woods () weird com>
Date: Mon, 19 Mar 2001 12:22:22 -0500
[ On Monday, March 19, 2001 at 09:36:38 (-0500), Bill Royds wrote: ]
Subject: Re: Strange port 23 traffic This is Conducent spyware posting user information to select its advertising. It uses POST to describe the adware you are running and the particular user ID of the machine. It then retrieves the ad that will be shown to the user. Conducent collects the demographics of its users to tailor the advertising to user interest.
And they're running it over port 23! how clever but stupid of them! No corporate firewall I touch has ever passed port 23 again, and I started that practice a number of years ago. Of course my goal has been to stop stupid users from sending passwords in the clear..... Of course if they're willing to stoop to such tricks (but still use an obvious and visible protocol like HTTP) then they'll not be easily stopped.... -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods () acm org> <robohack!woods> Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
Current thread:
- Strange port 23 traffic Costas Karafasoulis (Mar 18)
- Re: Strange port 23 traffic Ray Simard (Mar 19)
- <Possible follow-ups>
- Re: Strange port 23 traffic Bill Royds (Mar 19)
- Re: Strange port 23 traffic Greg A. Woods (Mar 19)