funsec mailing list archives
RE: What's up with Slashdot and Outlook
From: rms () computerbytesman com
Date: Wed, 8 Nov 2006 15:37:26 -0500 (EST)
I just checked and Word, WordPad, Outlook Express, and the Word editor in Outlook don't exhibit the delay. Maybe Outlook is trying to fetch a CSS file from Slashdot and not having any luck. We need some sort of HTML clipboard dumper to see what Outlook is trying to paste. Richard
Weird...I just switched over to the built-in HTML editor and had the same problem as you. I fired up Wireshark, and this is what came up after pasting (filtering on 66.35.250.0/24) No. Time Source Destination Protocol Info 864 2006-11-08 15:20:17.885349 my.ip.address 66.35.250.55 ICMP Echo (ping) request 893 2006-11-08 15:20:20.168376 my.ip.address 66.35.250.55 ICMP Echo (ping) request 977 2006-11-08 15:20:22.668459 my.ip.address 66.35.250.55 TCP 3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460 978 2006-11-08 15:20:22.668748 my.ip.address 66.35.250.55 ICMP Echo (ping) request 981 2006-11-08 15:20:22.790933 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 1030 2006-11-08 15:20:25.168379 my.ip.address 66.35.250.55 ICMP Echo (ping) request 1043 2006-11-08 15:20:25.669301 my.ip.address 66.35.250.55 TCP 3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460 1044 2006-11-08 15:20:25.765423 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 1071 2006-11-08 15:20:27.668483 my.ip.address 66.35.250.55 TCP 3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 1074 2006-11-08 15:20:27.761298 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 1119 2006-11-08 15:20:30.603890 my.ip.address 66.35.250.55 TCP 3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 1121 2006-11-08 15:20:30.695699 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 1130 2006-11-08 15:20:31.703505 my.ip.address 66.35.250.55 TCP 3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460 1132 2006-11-08 15:20:31.789549 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 1210 2006-11-08 15:20:36.635163 my.ip.address 66.35.250.55 TCP 3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 1211 2006-11-08 15:20:36.727013 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 1550 2006-11-08 15:20:50.815946 my.ip.address 66.35.250.55 TCP 3856 > http [SYN] Seq=0 Len=0 MSS=1460 1554 2006-11-08 15:20:50.903198 66.35.250.55 my.ip.address TCP http > 3856 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 1555 2006-11-08 15:20:50.903231 my.ip.address 66.35.250.55 TCP 3856 > http [ACK] Seq=1 Ack=1 Win=64512 [TCP CHECKSUM INCORRECT] Len=0 1556 2006-11-08 15:20:50.903392 my.ip.address 66.35.250.55 HTTP OPTIONS / HTTP/1.1 1559 2006-11-08 15:20:50.990278 66.35.250.55 my.ip.address TCP http > 3856 [ACK] Seq=1 Ack=173 Win=6432 Len=0 1560 2006-11-08 15:20:50.992447 66.35.250.55 my.ip.address HTTP HTTP/1.0 501 Not Implemented (text/html) 1561 2006-11-08 15:20:50.992493 66.35.250.55 my.ip.address TCP http > 3856 [FIN, ACK] Seq=359 Ack=173 Win=6432 Len=0 1562 2006-11-08 15:20:50.992521 my.ip.address 66.35.250.55 TCP 3856 > http [ACK] Seq=173 Ack=360 Win=64154 [TCP CHECKSUM INCORRECT] Len=0 1563 2006-11-08 15:20:50.992681 my.ip.address 66.35.250.55 TCP 3856 > http [FIN, ACK] Seq=173 Ack=360 Win=64154 [TCP CHECKSUM INCORRECT] Len=0 1575 2006-11-08 15:20:51.084693 66.35.250.55 my.ip.address TCP http > 3856 [ACK] Seq=360 Ack=174 Win=6432 Len=0 1576 2006-11-08 15:20:51.084787 66.35.250.55 my.ip.address TCP [TCP Dup ACK 1575#1] http > 3856 [ACK] Seq=360 Ack=174 Win=6432 Len=0 1577 2006-11-08 15:20:51.084809 my.ip.address 66.35.250.55 TCP 3856 > http [RST] Seq=174 Len=0 1937 2006-11-08 15:20:59.868390 my.ip.address 66.35.250.55 ICMP Echo (ping) request 1963 2006-11-08 15:21:02.168537 my.ip.address 66.35.250.55 ICMP Echo (ping) request 2004 2006-11-08 15:21:04.668706 my.ip.address 66.35.250.55 TCP 3865 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460 2005 2006-11-08 15:21:04.669059 my.ip.address 66.35.250.55 ICMP Echo (ping) request 2006 2006-11-08 15:21:04.756107 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 2049 2006-11-08 15:21:07.168554 my.ip.address 66.35.250.55 ICMP Echo (ping) request 2060 2006-11-08 15:21:07.612841 my.ip.address 66.35.250.55 TCP 3865 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460 2063 2006-11-08 15:21:07.702111 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 2110 2006-11-08 15:21:09.668673 my.ip.address 66.35.250.55 TCP 3866 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 2111 2006-11-08 15:21:09.775625 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 2194 2006-11-08 15:21:12.541605 my.ip.address 66.35.250.55 TCP 3866 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 2196 2006-11-08 15:21:12.628863 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 2203 2006-11-08 15:21:13.550361 my.ip.address 66.35.250.55 TCP 3865 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460 2205 2006-11-08 15:21:13.652942 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) 2278 2006-11-08 15:21:18.582303 my.ip.address 66.35.250.55 TCP 3866 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 2279 2006-11-08 15:21:18.676709 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited) -----Original Message----- From: rms () computerbytesman com [mailto:rms () computerbytesman com] Sent: Wednesday, November 08, 2006 1:55 PM To: FunSec [List] Subject: Re: [funsec] What's up with Slashdot and Outlook I'm using the built-in HTML editor in Outlook and not the Microsoft Word editor. The Outlook HTML editor might just be IE. Later today, I give the Outlook Word editor a shot also. RichardWhich editor are you using ("you" being those with the problem)? I can't see where a sniffer would figure it out unless it was a universal issue. On 11/8/06, John LaCour <johnlacour () gmail com> wrote:I see the same thing. Outlook 2003 11.8010.8107 SP2 I think Outlook is just slow rendering the HTML. It may be going out and grabbing the the page as well. Haven't bothered looking at a sniffer..._______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list._______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- What's up with Slashdot and Outlook Richard M. Smith (Nov 08)
- Re: What's up with Slashdot and Outlook Dude VanWinkle (Nov 08)
- <Possible follow-ups>
- RE: What's up with Slashdot and Outlook Krpata, Tyler (Nov 08)
- Re: What's up with Slashdot and Outlook John LaCour (Nov 08)
- Message not available
- Re: What's up with Slashdot and Outlook Brian Loe (Nov 08)
- Re: What's up with Slashdot and Outlook rms (Nov 08)
- Re: What's up with Slashdot and Outlook John LaCour (Nov 08)
- RE: What's up with Slashdot and Outlook rms (Nov 08)