hello all, I'm running a small windows LAN with a linux box as a gateway connected to my ISP. This box is using IPTABLES as a firewall and, most important, as a NAT translater (masquerading, putting it simple) so that only one IP is public and all traffic must cross the gateway.
I also register those zombie sessions here. Not only for yahoo messenger but for other things such as irc (tcp/6666 or 6667). Those tcp ESTABLISHED connections remain for 24h or more (# cat /proc/net/ip_conntrack). Connections i've registered that would last a long time: - websites such as *.ad-doubleclick.com - irc tcp/6666 - nmap scans (-sS scans?) comments. 1. it's true. I also have the feeling that this can be exploitable. After all, there is already a connection established and the host trusts it. ip spoofing/DoS vulnerability? Anyone has ideas/experiences/tools? 2. is there any way to kill these sessions as we can do with processes? I mean a command like # kill <tcp session>. Regards to yall. Citando [EMAIL PROTECTED]: } Hello All,} } During my observation in daily use of Yahoo } Messenger, my computer has "stale/zombie" sessions. } For example, If i have received/message a friend, yahoo } will normally make a direct connection from my PC to my } friend. From Netstat result, you can see a high por } on my computer is having an Established session with my } peer's:5101 port.} } The issue is, after a contact has gone offline } (dial-up), the state established in the netstat will } remain until the next day. I wouls see this as a } vulnerabilities, since an arbitrary user can assume the } IP Address was used (dial-up->dynamic ip assignment), } and use this established session to assume it.} } Any idea ?} } } Regards,} Leonard Ong} Network Security Specialist, APAC} NOKIA} } Email. [EMAIL PROTECTED]} Mobile. +65 9431 6184} Phone. +65 6723 1724} Fax. +65 6723 1596} } } } -----Original Message-----} From: ext Joey [mailto:josefhuggins@;hotmail.com]} Sent: Saturday, November 09, 2002 9:32 PM} To: Security Basics} Subject: Re: Biometric question} } } To clarify:retinal scanning is about as effective as } fingerprints. Retinal} scanning uses a laser light, often in the green part } of the spectrum to scan} the blood vessels of the internal eye. Both methods } scan around 90 metric} points. They can easily read false depending on } whether or not the} biological sample (in this case eyeball or finger) is } placed exactly in the} same position as it was when it was initially } scanned. There is, of course,} with most software a threshold setting which will } allow readings to require} either a very precise ( a finger must be placed in } exactly the same spot} every time on a reader ) or very minimal ( a finger } can be placed anywhere} near the center of the reader, but the accuracy drops } proportionately )} setting. The best way to go from everything I've seen } and read is with iris} scans. Whereas fingerprint and retina scans read } around 90 metric points, an} iris scan reads about 250. Iris scans are } non-invasive whereas retina scans} require a laser light or other strong light source } directed through the} cornea in order to read the vessel pattern in the } back of the eye. While} it's allot more expensive, if security, and not money } is your concern, I} think iris scanners are the way to go. If you can't } "hack" it and you have} to settle w/fingerprint or retinal scanners, I would } go for the fingerprint} scanner.} } -J} } ----- Original Message -----} From: Naveed Ahmed <[EMAIL PROTECTED]>} To: <[EMAIL PROTECTED]>; } <[EMAIL PROTECTED]>} Sent: Thursday, November 07, 2002 11:05 AM} Subject: RE: Biometric question} } } > Michael is right.} > the better ones are ( at least relatively more } difficult to fake) retina} > scans and voice recognition.} > dont go by what tom cruise does in 'minority } report' with the eye} balls.!!!} > rgds} > -Naveed} >} > -----Original Message-----} > From: Michael Sconzo [mailto:msconzo@;tamu.edu]} > Sent: Thursday, November 07, 2002 10:43 PM} > To: [EMAIL PROTECTED]} > Subject: RE: Biometric question} >} >} > -----BEGIN PGP SIGNED MESSAGE-----} > Hash: SHA1} >} > One of the more memorable things that I have read } about fingerprint} > scanners is:} > } http://www.counterpane.com/crypto-gram-0205.html#5} >} > You can basically fake a fingerprint biometric } machine with a gummi} > bear. If I remember correctly, the majority of } fingerprint scanners} > are vulnerable to this type of attack. One of the } big things to look} > for is one that samples SHAPES not POINTS, and } remember the more the} > merrier.} >} > As for other types of biometrics, I am not too } sure, hopefully} > somebody else can shed some light on those.} >} > - -mike} >} >} > - -----Original Message-----} > From: Felix Cuello [mailto:felix@;qodiga.com]} > Sent: Wednesday, November 06, 2002 1:27 PM} > To: [EMAIL PROTECTED]} > Subject: Biometric question} >} >} >} > Hello list!} >} > I will work in a project where phisical security } will be based on} > biometrics, in fact only will be based on } fingerprints biometric.} >} > How secure are fingerprints?, what biometric are } more secure?} > (voice,} > eye, ??? what else).} >} > I'm not a security expert :-)} >} > Thanks a lot,} >} > Felix} > [my english is bad... please sorry :-)]} >} > - --} > Felix Cuello} > [EMAIL PROTECTED]} >} > Qodiga/its} > Av.Santa Fe 882 P.13 Of. "E"} > C.P. ABP1059C} > Tel.: (54) 011 - 4312-1698} > Buenos Aires - Argentina} >} > -----BEGIN PGP SIGNATURE-----} > Version: PGPfreeware 6.5.8 for non-commercial use } <http://www.pgp.com>} >} > } iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy} > DzeFhJhhlLBeyqWGS/NABATs} > =kUtf} > -----END PGP SIGNATURE-----} >} -------------------------------------------- SAPO ADSL.PT Agora o kit apenas por 75 Eur. e tráfego ilimitado até ao final de 2002! Mais informações em http://www.sapo.pt/kitadsl