In November '99, more or less... I've discovered 5 types of new stealth scan,
with the modification of flags used normally on XMAS stealth scan.
The five types of packets that can be used for stealth scanning, and aren't
logged by the normal tcplogd/scanlogger, have these flags:
URG
PUSH
URG+FIN
PUSH+F
First of all, it was my intent by posting this message
to be informational to all that Axent ESM, a
compliance monitoring tool by function that by default
checks for the regular changing of account passwords
at the OS level, has its own internal issue with
attempting to change its own console pa
How? Get into your Hotmail account. After you are logged in, modify in the
string address the part with "disk=216.33.148.68_" in something like
"disk=abc.beh.doh.cih_". I mean to put string text in the place of the IP
address. It will give you a nice error revealing directory structure of
server
- Original Message -
From: Lark Lizerman <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 14, 2000 3:05 AM
Subject: MS IIS 5.0 Access Violation on handling URL String
>I have 2 screenshots where 2 of the messages are displayed.
>The system I have tried it out is a clust
Hi,
Someone tried this on one of my domains a few weeks ago, and I wrote up a
brief account of the incident, showing some of the technical details of the
actual attack, and describing how admins should upgrade their Guardian
authentication settings with Internic if they haven't already done so.
Inter
While reading my bugtraq mail, I read over the ICQ overflow that had been found
(surprised it came so late) so I was curious if this existed in any other clients. Upon
testing the below URL, Yahoo pager/messenger crashed in the same way as ICQ.
http://www.asdf.com/?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can (more or less) verify that overflow...
I am running ICQ 99beta 3.1.9 build #2596 and tried to send some MESSAGES
(no, NOT URL)
It seemed that only the messagebox would let you send larger stuff
Couldn't paste a lot into the URL-box
So, with messa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> -Original Message-
> From: Chris Tobkin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 12, 2000 2:08 PM
>
> > The same problem still exists on IIS4 (tested with SP5 -
> didn't try on
> > SP6).
>
> Still exists as far back as IIS3 also
Actually, it goes MUCH farther than what has been mentioned here thus far.
I run a commercial webserver, and I run my own DNS for that webserver. Once
a while back we migrated all of our DNS information from a slower machine to
a faster machine. Rather than renaming the hostname and IP address o
If you go to "Preferences -> Home directory -> Application", and select
"Check if file exists" for the various IISAPI mappings your server has
(in this case .ida) then the error should be corrected.
You should at the same time remove any IISAPI mappings you do not want
your users to be able to use
-BEGIN PGP SIGNED MESSAGE-
>
>http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida
I tested the following on Netscape Lite 4.51/Export, 01-Mar-99 for
Linux:
http://www.microsoft.com/%3CIMG%20SRC=%22javascript:alert('window.location='%2
Hello out there,
At 11:10 13.01.00 , Georgi Guninski wrote:
>This leads to a client side problem also.
>The problem is IIS does not escape the response, so one may put some
>HTML and javascript in the page returned from www.microsoft.com.
>Vulnerabilities:
>1) For IE (tested on 5.01, probably oth
Hi,
My colleague Roy Froma was checking a httpd-log while debugging a
web site script, and saw a strange looking
referer in the log. When he copied this URL to his browser, he was
suddenly reading somebody else's mail. Apparently this person had
clicked on a link to our site in his email.
The
The purpose of this message is to solicit participation in birds of a
feather (BOF) session to discuss the Distributed Denial of Service (DDOS)
problem.
WHO: Everyone interested in aggressively addressing a category of attack
threatening Internet-connected systems.
WHAT: We (ICSA.net ) are offer
Hi,
To solve this problem check in the properties of the web server
the option "Check that file exists", in
Home Directory/Application Settings/Configuration/App Mappings in
the Edit Window of the .ida and .idq extensions.
Both extensions are interpreted by idq.dll.
Antonio Ropero
[EMAIL PROTECT
Question:
Did you try this out on WinNT4.0 SP4,SP5,SP6 running IIS 5.0?
Fact about dataloss:
I think even if it restarts automatically the bug MUST be fixed.
On large servers with couple of hundred clients doing downloads a restart
would still
mean abort of data transfer.
2 processes watching each
- Forwarded message from HP Electronic Support Center
<[EMAIL PROTECTED]> -
Date: Mon, 17 Jan 2000 04:54:01 -0800 (PST)
Subject: Security Bulletins Digest
From: [EMAIL PROTECTED] (HP Electronic Support Center )
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTE
There have been a number of times when a customer of ours wishes to
move a domain to us. Latest case, they had a domain with another
provider, and the admin and billing contact were listed under
[EMAIL PROTECTED] of the owner. For whatever reason his e-mail at
domain.com was not working, pa
Timbuktu Pro 32 (TB2) from Netopia sends user IDs and passwords in clear
text.
When TB2 is used to remote control a machine that is not logged in or is
locked, any user ID and password that is typed in is sent in clear text. A
malicious user on the network can "sniff" the packets and gain the NT U
This URL also causes Netscape 4.7 (Win 98) to crash when used as a
location..
So if you embedded it into something, Javascript or otherwise, you could
probably have some fun.
NETSCAPE caused an invalid page fault in
module at :2e2e2e2e.
Registers:
EAX= CS=015f EIP=2e2e2e2e EFLGS=0001
IIS4 SP6a (on one of my servers) was found vulnerable.
URL Returned: "The IDQ file C:\Inetpub\wwwroot2\anything.ida could not
be found."
Anyone have tempfix ideas?
Rob Systhine <[EMAIL PROTECTED]>
IT/Ryno Innovate Company
"No respect for those who do not strive to master their arts."
Greetings,
AFFECTED OS: Windows 95/98
I have searched and found no post of reference to Altavista's Free Internet
Client.
Altavista (the popular search engine) has offered free internet access for
quite a while now. Using the MicroPortal code they offer a cost-free
(financially speaking, althoug
On Fri, Jan 14, 2000 at 10:26:44AM -0500, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> This confirms what I always thought; that there was a unique number in
> the response that was needed for the ACK.
True. If the domain is set up to require ACK before transferring. Many (most?)
are set up t
>You make a pretty huge assumption that the administrator of
> that domain will miss the response from network solutions or will do
> nothing about it, both of which are not very good assumptions.
Many domains have contacts that use free email services like HotMail, and
with the long stri
In message <[EMAIL PROTECTED]>, Craig Ruefenacht writes:
>It is well known throughout the Internet that the two most common
>protocols for reading email, POP3 (port 110) and IMAP (port 143), are
>sent in the clear over the network.
It's worth noting that many POP3 servers and clients support AP
On Thu, Jan 13, 2000 at 02:35:02PM -0500, Shafik Yaghmour wrote:
> You make a pretty huge assumption that the administrator of
> that domain will miss the response from network solutions or will do
> nothing about it, both of which are not very good assumptions. Although I
> do agree it shou
[EMAIL PROTECTED] wrote:
>
> it would seem not to work on IIS4, SP6. I get http 500 - Internal Server
> Error.
Right.
I have just applied SP6a to the IIS 4 server (where I have reproduced
this first). The problem still exists. Only SP3/SP5/SP6a (in that
order) have been applied - no hotfixes a
>Not really. I'm not excusing the bug. They should fix it. I'm just saying
>that in my opinion, being able to send a browser some data that makes it
>hang doesn't necessarily constitute a denial of services. You can still
>close out of the browser and probably not lose much available memory, I
>as
28 matches