Vulnerability Development mailing list archives
Re: smk
From: Ryan Permeh <ryan () EEYE COM>
Date: Wed, 10 Jan 2001 09:28:22 -0800
perhaps this just wasn't written in a way i could understand, but from what i gathered, it looked like they were trying to do some kind of dns redirection attack, paired with the routing of the loopback address(not even sure why anyone would want to route this, since it ususally will never even send a packet on the wire). I'm not certain i'm seeing any new vulnerabilities, or any vulnerabilities at all. it wasn't written in a way where i could understand their test scenarios, or the processes they used, or even really what the end result should have been. perhaps someone who read this and understood it better could comment further, but from the information in there, i couldn't see any problems, ither than a presupposed NIC Registry spoof and a bad routing table on router X. Signed, Ryan eEye Digital Security Team http://www.eEye.com ----- Original Message ----- From: "Jim Carr" <viper () BEA COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Tuesday, January 09, 2001 10:51 AM Subject: smk
I haven't heard any chat about this from Stray Mountain Kitty about a NAT exploit. http://www.cryptography.ws/smk/smk-vun.001.001.htm Has anyone have any ideas or heard about this? Viper Team viper () bea com