[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A new zombie port scanning attack

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: A new zombie port scanning attack
From: ithilgore <ithilgore.ryu.l@xxxxxxxxx>
Date: Fri, 16 Jul 2010 01:24:47 +0300

Hello bugtraq-list folks.

I recently demonstrated at Athcon, a new security conference taking place
in Athens - Greece, a new stealthy port scanning attack that is made
possible by abusing XMPP. The technique uses a "zombie" host (that can be
anyone in your [most probably fake] friend/contact list) and some timing
calculations in order to conduct a portscan through that proxy to any
target. The IP address is never revealed to the scanned victim, the same
way the famous idle/zombie scan, discovered by antirez, works.
The idea, a proof of concept pidgin patch and a detailed analysis can be
read in the paper.

You can find the whitepaper here:
http://sock-raw.org/papers/abusing_network_protocols
and the presentation slides:
http://sock-raw.org/papers/anp_presentation.pdf

It is interesting to see how protocols like seemingly "innocent" protocols
like XMPP can still be abused to do things like the above attack.

Regards,
ithilgore

-- 
http://sock-raw.org
http://twitter.com/ithilgore

Prev by Date: ZDI-10-129: Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
Next by Date: {PRL} Novell Groupwise Internet Agent Stack Overflow
Previous by thread: ZDI-10-129: Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
Next by thread: {PRL} Novell Groupwise Internet Agent Stack Overflow
Index(es):
- Date
- Thread