Vulnerability Development mailing list archives

Re: Exploiting any network protocol with secondary data channels opened from the server


From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sun, 19 Mar 2000 12:23:10 +0100


Blue Boar wrote:

I don't suppose Sandboxed Java Applets have any legal way to determine
which ports are open on the machine they're running on, do they?


Something struck me as a possibility here. I don't know the first thing
about Java, but I'm wondering if the socket interface in the standard
Java libs has some similarities to standard BSD sockets.

If you're allowed to issue "bind(socket,sockaddr);" equivalent requests
in Java, you can loop requests from local ports 0 to 65535 and see
which ones you are NOT allowed to bind. The ones you are not allowed
to bind are likely the ones that are already taken by some application.
These may be listening server ports or simply other dynamically allocated
ports. With some "intelligence" in the applet you can probably guess
which ports are interesting and which ones are not.
(Or simply try to bind a few ports that you know to be interesting
beforehand.)

AGAIN, NOTE: I have NO idea if the above works. It'd be nice if someone
with a bit of experience in Java could verify if it does.
(Specifically: is there even a "bind" equivalent?)

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se
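The bind-probing idea sketched in the message above, as an added example that is not part of the original post or of Blue Boar's question. It is written in Python rather than Java because the effect it relies on is the operating system refusing bind() on a port that is already bound, which every socket API surfaces the same way; Java's standard library does have the equivalent (java.net.ServerSocket has been there since the first JDK), but what a sandboxed applet is actually permitted to bind is decided by its security policy, and this example does not test that. The example also keeps "address already in use" apart from "permission denied": on Unix a non-root process is refused every port below 1024 whether or not anything listens there, so a failed bind by itself is not proof that the port is taken. The listener it finds is constructed inside the block; nothing here touches a real target.

```python
import errno
import socket
from typing import Dict, Iterable, List

# Outcome of one bind attempt. IN_USE is the signal the post is after.
# DENIED is the case the post does not separate out: on Unix a non-root
# process cannot bind ports below 1024 at all, so a refusal there says
# nothing about whether the port is occupied.
FREE, IN_USE, DENIED = "free", "in_use", "denied"


def probe_port(port: int, host: str = "127.0.0.1") -> str:
    """Try to bind a throwaway TCP socket to host:port and classify the result.

    SO_REUSEADDR is deliberately left off: with it set, bind() succeeds on
    ports that are only lingering in TIME_WAIT, and on some platforms even on
    ports with a live listener, which would hide exactly the collisions the
    probe is looking for.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return FREE
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return IN_USE
        if e.errno in (errno.EACCES, errno.EPERM):
            return DENIED
        raise
    finally:
        # Closing an unlistened, unconnected socket releases the port at once.
        s.close()


def probe_ports(ports: Iterable[int], host: str = "127.0.0.1") -> Dict[int, str]:
    """Run probe_port over a list of ports and return {port: status}."""
    return {p: probe_port(p, host) for p in ports}


def busy_ports(ports: Iterable[int], host: str = "127.0.0.1") -> List[int]:
    """Only the ports that are definitely occupied (bind failed with EADDRINUSE).

    DENIED ports are left out on purpose: they may or may not have a listener.
    """
    return sorted(p for p, st in probe_ports(ports, host).items() if st == IN_USE)


if __name__ == "__main__":
    # Constructed scenario: stand up a listener on an ephemeral port so the
    # probe has something to find, then sweep a small window around it.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    target = listener.getsockname()[1]
    window = range(max(1024, target - 5), target + 6)
    for port, status in probe_ports(window).items():
        print(f"{port:5d} {status}")
    print("busy:", busy_ports(window))  # contains target
    listener.close()
```

Sweeping all 65536 ports this way is cheap (each probe is one socket(), one bind() and one close()) but it is not silent: on a host with an audit or sandbox policy that logs denied listen attempts, 1024 DENIED results will show up in the logs, and a port found IN_USE may be a client-side ephemeral port or a TIME_WAIT entry rather than a server, exactly the ambiguity the message points out.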
