Vulnerability Development mailing list archives
Re: Malicious use of grc.com
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Tue, 27 Nov 2001 11:48:35 +0100
26/11/2001 20:54:26, Magni () HammerofGod com wrote :
Instead, we can easily bypass the need to crack the hash by simply using the "IP Agent" supplied by Gibson. Over a year ago, a hacked version of IP Agent was published that allowed one to supply an address to scan-- Gibson discounted this as a non-issue, but reportedly fixed IP Agent to perform a check to prevent this from happening.
I reported this information on September 2001 : http://msgs.securepoint.com/cgi-bin/get/bugtraq0009/9.html Apparently, Steve Gibson still use a silly method to check for IP adresses to scan .... Quoting him : "As you'll see, this next-generation scan cannot be "faked out" in the same fashion since it deliberately maintains open and active connections to the user's target browser and penetrates NAT routers and firewalls" :) Nicolas Grégoire Exaprobe (http://www.exaprobe.com)
Current thread:
- Re: Malicious use of grc.com netscience (Nov 26)
- <Possible follow-ups>
- Malicious use of grc.com Magni (Nov 26)
- Re: Malicious use of grc.com Brad (Nov 26)
- Re: Malicious use of grc.com Thorsten Droigk (Nov 26)
- Re: Malicious use of grc.com Blue Boar (Nov 26)
- Re: Malicious use of grc.com Festive (Nov 27)
- Re: Malicious use of grc.com Nicolas Gregoire (Nov 27)
- RE: Malicious use of grc.com Everhart, Glenn (FUSA) (Nov 28)
- RE: Malicious use of grc.com Nicko Demeter (Nov 28)
- RE: Malicious use of grc.com H C (Nov 28)