Vulnerability Development mailing list archives
getcat.com -- IE CueCat Spy on you.
From: Richard Rager <kb8rln () PENGUINMASTER COM>
Date: Fri, 8 Sep 2000 08:49:50 -0600
OK, I was having problems going to www.CueCat.com, so I looked with tcpdump to see what was going on. The CueCat site was trying to connect to my computer's netbios port. Here is the proof.

10:33:51.938023 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34033191 0,nop,wscale 0> (DF)
10:33:54.936372 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34033491 0,nop,wscale 0> (DF)
10:34:00.936370 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34034091 0,nop,wscale 0> (DF)
10:34:12.936364 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34035291 0,nop,wscale 0> (DF)
10:34:27.376342 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
10:34:27.376489 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack 35808594 win 0 (DF)
10:34:28.146342 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
10:34:28.146397 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack 1 win 0 (DF)
10:34:29.006332 < 209.81.216.169.1957 > 209.81.164.237.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
10:34:29.006387 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack

We need to stop this type of abuse.

Enjoy,
Richard
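Added example, not part of the original post: a Python sketch that parses tcpdump lines in the layout shown above and tallies inbound SYNs to the NetBIOS session port, how the local host answered (RST or SYN-ACK), and which probe sources the host had never opened a connection to. The sample capture is constructed with documentation addresses, and reading the "<" / ">" column as inbound/outbound is an assumption drawn from the capture.

```python
import re

# Constructed sample in the same tcpdump layout as the post (documentation
# address ranges, not the addresses from the capture).
SAMPLE = """\
10:33:51.938023 > 192.0.2.10.3991 > 198.51.100.7.www: S 1634597875:1634597875(0) win 4452 <mss 1484> (DF)
10:34:27.376342 < 203.0.113.5.1957 > 192.0.2.10.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536> (DF)
10:34:27.376489 > 192.0.2.10.netbios-ssn > 203.0.113.5.1957: R 0:0(0) ack 35808594 win 0 (DF)
10:34:28.146342 < 203.0.113.5.1957 > 192.0.2.10.netbios-ssn: S 35808593:35808593(0) win 8192 <mss 536> (DF)
10:34:28.146397 > 192.0.2.10.netbios-ssn > 203.0.113.5.1957: R 0:0(0) ack 1 win 0 (DF)
"""

# Assumption: the "<" / ">" column after the timestamp marks inbound/outbound.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<dir>[<>]) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+): (?P<flags>\S+)")
NETBIOS = {"netbios-ssn", "139"}  # TCP session service, by name or number


def summarize(capture):
    """Return (contacted, probes).

    contacted: hosts this machine sent an initial SYN to.
    probes: per remote source, inbound NetBIOS SYNs and how we answered.
    """
    contacted, probes = set(), {}
    new = lambda: {"syn": 0, "rst": 0, "synack": 0}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # truncated or unrelated line
        flags, has_ack = m["flags"], " ack" in line
        outbound = m["dir"] == ">"
        if not outbound and "S" in flags and not has_ack and m["dport"] in NETBIOS:
            probes.setdefault(m["src"], new())["syn"] += 1
        elif outbound and m["sport"] in NETBIOS and "R" in flags:
            probes.setdefault(m["dst"], new())["rst"] += 1      # port closed
        elif outbound and m["sport"] in NETBIOS and "S" in flags and has_ack:
            probes.setdefault(m["dst"], new())["synack"] += 1   # port open
        elif outbound and "S" in flags and not has_ack:
            contacted.add(m["dst"])
    return contacted, probes


def unsolicited(capture):
    """Probe sources that this machine never opened a connection to."""
    contacted, probes = summarize(capture)
    return sorted(ip for ip in probes if ip not in contacted)
```

A non-zero "synack" count means the local host accepted the connection attempt, so the NetBIOS session port is reachable from that source; only "rst" answers, as in the sample, mean the port was closed.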