
Re: [Full-Disclosure] Reverse http traffic



Did you check the proxy settings?


----- Original Message ----- 
From: "Daniel H. Renner" <dan@losangelescomputerhelp.com>
To: <full-disclosure@lists.netsys.com>
Sent: Tuesday, December 30, 2003 12:23 AM
Subject: [Full-Disclosure] Reverse http traffic


> Hello,
> 
> I had a case recently wherein one of a client's systems (Win2k) could
> not access http, or mail traffic.  At the same time, 2 other systems
> (Win95 and Xandros) could, and yet he could access all of the other
> network shares via TCP.
> 
> He brought it to my shop, it was patched up, already had the latest
> anti-virus defs, and it got on the 'net fine here.  He returned with it
> and set it up - and could not get any http or email.
> 
> I went to his office to see what was up, hooked in my little 'kneetop'
> (Sony Picturebook) and browsed just fine.
> 
> I then installed a Linux firewall on a spare computer, replaced the
> Linksys router with it and instantly his Win2k was able to browse and
> get email.
> 
> I checked the firewall logs and saw quite a few attempts from a Google
> IP address (whois-ed, but I'm not ignoring that it was possibly spoofed)
> that was sending IN traffic with a source port of 80 and a destination
> port in the temporary range (33xx) - eh???
> 
> I can speculate (otherwise known as 'assume' :) that this site was
> trying to spoof my client's system into accepting some traffic by using
> a reverse-flow, but...
> 
> Can anyone tell me what actually could cause this?
> 
> 
> -- 
> 
> 
> Thank you,
> 
> Dan Renner
> President
> Los Angeles Computerhelp
> http://losangelescomputerhelp.com
> 818.352.8700
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
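
One check the log question above invites, as an added example that is not part of either post: correlate each inbound entry that has source port 80 and a high destination port with the outbound connections the firewall already logged, so replies to the client's own HTTP requests can be told apart from genuinely unsolicited inbound traffic. The log lines and their "DIR proto src -> dst" format are constructed for this example (RFC 5737 test addresses), not taken from Dan's firewall.

```python
from typing import Dict, List, Tuple

# Constructed sample, not from the poster's firewall. Format assumed here:
# "DIR proto src_ip:src_port -> dst_ip:dst_port" (RFC 5737 test addresses).
SAMPLE_LOG = """\
OUT tcp 192.0.2.10:3301 -> 203.0.113.5:80
IN  tcp 203.0.113.5:80 -> 192.0.2.10:3301
IN  tcp 203.0.113.5:80 -> 192.0.2.10:3302
IN  tcp 198.51.100.7:4444 -> 192.0.2.10:445
"""

Endpoint = Tuple[str, int]


def parse_line(line: str) -> Tuple[str, str, Endpoint, Endpoint]:
    """Split one log line into (direction, proto, src, dst)."""
    direction, proto, src, _arrow, dst = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return direction, proto, (s_ip, int(s_port)), (d_ip, int(d_port))


def classify_log(log: str) -> List[Tuple[str, str]]:
    """Label each line; inbound lines are matched against earlier OUT lines."""
    outbound = set()  # (proto, client endpoint, server endpoint) seen going out
    labelled = []
    for line in log.splitlines():
        if not line.strip():
            continue
        direction, proto, src, dst = parse_line(line)
        if direction == "OUT":
            outbound.add((proto, src, dst))
            labelled.append((line, "outbound"))
        elif (proto, dst, src) in outbound:
            # Reply to a connection the client opened: expected return traffic.
            labelled.append((line, "return-traffic"))
        elif src[1] == 80 and dst[1] >= 1024:
            # Shaped like an HTTP reply, but no matching request was logged.
            labelled.append((line, "unsolicited-src-80"))
        else:
            labelled.append((line, "unsolicited"))
    return labelled


def summarize(log: str) -> Dict[str, int]:
    """Count lines per label, so alerts can target only the unsolicited ones."""
    counts: Dict[str, int] = {}
    for _line, label in classify_log(log):
        counts[label] = counts.get(label, 0) + 1
    return counts
```

A stateless filter that logs every inbound packet will record the second line as an "attempt" even though it is the reply to the first; a stateful firewall keys on the same tuple this code builds.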
