[2496] in bugtraq
Re: BoS: bind() Security Problems
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Feb 1 12:23:16 1996
Date: Thu, 1 Feb 1996 08:30:24 +1100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Darren Reed <avalon@coombs.anu.edu.au>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199601311218.NAA10765@visbl.rus.uni-stuttgart.de> from "Bernd
Lehle" at Jan 31, 96 01:18:29 pm
In some mail from Bernd Lehle, sie said:
[...]
> > Exploit:
> [..]
> > Run netcat:
> >
> > w00p% nc -v -v -u -s 192.88.209.5 -p 2049
> > listening on [192.88.209.5] 2049 ...
>
> To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667
This won't get you messages between already connected clients and servers.
Yes, you might be able to make clients connect, at first, to you and not
a real server, but it is going to be obvious to the client: the connection
won't complete as netcat won't generate the server replies which many
clients now look for to indicate the confirmation of a connection.
