funsec mailing list archives

RE: What's up with Slashdot and Outlook


From: rms () computerbytesman com
Date: Wed, 8 Nov 2006 15:37:26 -0500 (EST)

I just checked and Word, WordPad, Outlook Express, and the Word editor in
Outlook don't exhibit the delay.

Maybe Outlook is trying to fetch a CSS file from Slashdot and not having
any luck.  We need some sort of HTML clipboard dumper to see what Outlook
is trying to paste.

Richard
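
A sketch of the kind of "HTML clipboard dumper" asked for above, as an added example that is not part of the original thread: it parses a CF_HTML payload (the Windows clipboard's "HTML Format" entry) and lists every reference the pasted fragment carries, with the host each one resolves to against SourceURL. It assumes the payload has already been read from the clipboard; the function names, the sample paste and its hosts are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

HEADER = ("Version:0.9\r\nStartHTML:{:010d}\r\nEndHTML:{:010d}\r\n"
          "StartFragment:{:010d}\r\nEndFragment:{:010d}\r\nSourceURL:{}\r\n")

def build_sample(fragment: str, source_url: str) -> bytes:
    """Constructed CF_HTML payload; every offset is a byte count from the start."""
    pre, post = b"<html><body><!--StartFragment-->", b"<!--EndFragment--></body></html>"
    body = fragment.encode("utf-8")
    s_html = len(HEADER.format(0, 0, 0, 0, source_url).encode("utf-8"))
    s_frag, e_frag = s_html + len(pre), s_html + len(pre) + len(body)
    return HEADER.format(s_html, e_frag + len(post), s_frag, e_frag,
                         source_url).encode("utf-8") + pre + body + post

def parse_cf_html(data: bytes):
    """Return (source_url, fragment) from a CF_HTML clipboard payload."""
    def offset(key: bytes) -> int:
        m = re.search(rb"^" + key + rb":(-?\d+)\r?$", data, re.M)
        if m is None:
            raise ValueError("missing %s: not CF_HTML" % key.decode())
        return int(m.group(1))
    start, end = offset(b"StartFragment"), offset(b"EndFragment")
    if not 0 <= start <= end <= len(data):
        raise ValueError("fragment offsets fall outside the payload")
    src = re.search(rb"^SourceURL:([^\r\n]*)", data[:start], re.M)
    return (src.group(1).decode() if src else ""), data[start:end].decode("utf-8", "replace")

class RefCollector(HTMLParser):
    """Collect attributes that can make an HTML renderer fetch a resource."""
    def __init__(self):
        super().__init__()
        self.raw = []
    def handle_starttag(self, tag, attrs):
        self.raw += [(tag, v) for k, v in attrs if k in ("href", "src", "background") and v]

def clipboard_refs(data: bytes):
    """List (tag, raw value, resolved host, scheme_relative) for each reference."""
    base, fragment = parse_cf_html(data)
    collector = RefCollector()
    collector.feed(fragment)
    return [(tag, raw, urlsplit(urljoin(base, raw)).hostname, raw.startswith("//"))
            for tag, raw in collector.raw]

SAMPLE = build_sample(  # constructed paste; the hosts are placeholders
    '<a href="/story/1">headline</a><img src="//images.example.test/t.gif">'
    '<link rel="stylesheet" href="http://css.example.test/site.css">',
    "http://news.example.test/index.html")
print(*clipboard_refs(SAMPLE), sep="\n")
```

The last field marks "//host/path" values, which carry no scheme of their own and take whatever base the pasting application applies.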


Weird...I just switched over to the built-in HTML editor and had the
same problem as you. I fired up Wireshark, and this is what came up
after pasting (filtering on 66.35.250.0/24)

No.     Time                       Source                Destination           Protocol Info
    864 2006-11-08 15:20:17.885349 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
    893 2006-11-08 15:20:20.168376 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
    977 2006-11-08 15:20:22.668459 my.ip.address         66.35.250.55          TCP      3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
    978 2006-11-08 15:20:22.668748 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
    981 2006-11-08 15:20:22.790933 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   1030 2006-11-08 15:20:25.168379 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
   1043 2006-11-08 15:20:25.669301 my.ip.address         66.35.250.55          TCP      3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
   1044 2006-11-08 15:20:25.765423 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   1071 2006-11-08 15:20:27.668483 my.ip.address         66.35.250.55          TCP      3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
   1074 2006-11-08 15:20:27.761298 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   1119 2006-11-08 15:20:30.603890 my.ip.address         66.35.250.55          TCP      3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
   1121 2006-11-08 15:20:30.695699 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   1130 2006-11-08 15:20:31.703505 my.ip.address         66.35.250.55          TCP      3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
   1132 2006-11-08 15:20:31.789549 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   1210 2006-11-08 15:20:36.635163 my.ip.address         66.35.250.55          TCP      3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
   1211 2006-11-08 15:20:36.727013 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   1550 2006-11-08 15:20:50.815946 my.ip.address         66.35.250.55          TCP      3856 > http [SYN] Seq=0 Len=0 MSS=1460
   1554 2006-11-08 15:20:50.903198 66.35.250.55          my.ip.address         TCP      http > 3856 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
   1555 2006-11-08 15:20:50.903231 my.ip.address         66.35.250.55          TCP      3856 > http [ACK] Seq=1 Ack=1 Win=64512 [TCP CHECKSUM INCORRECT] Len=0
   1556 2006-11-08 15:20:50.903392 my.ip.address         66.35.250.55          HTTP     OPTIONS / HTTP/1.1
   1559 2006-11-08 15:20:50.990278 66.35.250.55          my.ip.address         TCP      http > 3856 [ACK] Seq=1 Ack=173 Win=6432 Len=0
   1560 2006-11-08 15:20:50.992447 66.35.250.55          my.ip.address         HTTP     HTTP/1.0 501 Not Implemented (text/html)
   1561 2006-11-08 15:20:50.992493 66.35.250.55          my.ip.address         TCP      http > 3856 [FIN, ACK] Seq=359 Ack=173 Win=6432 Len=0
   1562 2006-11-08 15:20:50.992521 my.ip.address         66.35.250.55          TCP      3856 > http [ACK] Seq=173 Ack=360 Win=64154 [TCP CHECKSUM INCORRECT] Len=0
   1563 2006-11-08 15:20:50.992681 my.ip.address         66.35.250.55          TCP      3856 > http [FIN, ACK] Seq=173 Ack=360 Win=64154 [TCP CHECKSUM INCORRECT] Len=0
   1575 2006-11-08 15:20:51.084693 66.35.250.55          my.ip.address         TCP      http > 3856 [ACK] Seq=360 Ack=174 Win=6432 Len=0
   1576 2006-11-08 15:20:51.084787 66.35.250.55          my.ip.address         TCP      [TCP Dup ACK 1575#1] http > 3856 [ACK] Seq=360 Ack=174 Win=6432 Len=0
   1577 2006-11-08 15:20:51.084809 my.ip.address         66.35.250.55          TCP      3856 > http [RST] Seq=174 Len=0
   1937 2006-11-08 15:20:59.868390 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
   1963 2006-11-08 15:21:02.168537 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
   2004 2006-11-08 15:21:04.668706 my.ip.address         66.35.250.55          TCP      3865 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
   2005 2006-11-08 15:21:04.669059 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
   2006 2006-11-08 15:21:04.756107 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   2049 2006-11-08 15:21:07.168554 my.ip.address         66.35.250.55          ICMP     Echo (ping) request
   2060 2006-11-08 15:21:07.612841 my.ip.address         66.35.250.55          TCP      3865 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
   2063 2006-11-08 15:21:07.702111 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   2110 2006-11-08 15:21:09.668673 my.ip.address         66.35.250.55          TCP      3866 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
   2111 2006-11-08 15:21:09.775625 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   2194 2006-11-08 15:21:12.541605 my.ip.address         66.35.250.55          TCP      3866 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
   2196 2006-11-08 15:21:12.628863 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   2203 2006-11-08 15:21:13.550361 my.ip.address         66.35.250.55          TCP      3865 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
   2205 2006-11-08 15:21:13.652942 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
   2278 2006-11-08 15:21:18.582303 my.ip.address         66.35.250.55          TCP      3866 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
   2279 2006-11-08 15:21:18.676709 66.35.250.55          my.ip.address         ICMP     Destination unreachable (Host administratively prohibited)
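
A summary of the capture above, as an added example that is not part of the original thread: it pairs each outbound SYN with the next packet the destination sends back and lists the SYNs aimed at file-sharing services on a public address. The function names are this example's own, and the sample rows are copied from the capture with each packet on one line.

```python
import ipaddress
import re

ROW = re.compile(r"\s*(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)")
SYN = re.compile(r"\d+ > (\S+) \[SYN\]")
FILE_SHARING = {"microsoft-ds", "netbios-ssn"}  # Wireshark's names for TCP 445 and 139

# Eight rows excerpted from the capture above, each re-joined onto one line.
CAPTURE = """\
977 2006-11-08 15:20:22.668459 my.ip.address 66.35.250.55 TCP 3851 > microsoft-ds [SYN] Seq=0 Len=0 MSS=1460
981 2006-11-08 15:20:22.790933 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited)
1071 2006-11-08 15:20:27.668483 my.ip.address 66.35.250.55 TCP 3852 > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460
1074 2006-11-08 15:20:27.761298 66.35.250.55 my.ip.address ICMP Destination unreachable (Host administratively prohibited)
1550 2006-11-08 15:20:50.815946 my.ip.address 66.35.250.55 TCP 3856 > http [SYN] Seq=0 Len=0 MSS=1460
1554 2006-11-08 15:20:50.903198 66.35.250.55 my.ip.address TCP http > 3856 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
1556 2006-11-08 15:20:50.903392 my.ip.address 66.35.250.55 HTTP OPTIONS / HTTP/1.1
1560 2006-11-08 15:20:50.992447 66.35.250.55 my.ip.address HTTP HTTP/1.0 501 Not Implemented (text/html)
"""

def syn_outcomes(capture):
    """Pair each outbound SYN with the next packet its destination sends back.

    Heuristic: the summary row of an ICMP error does not name the port it
    answers, so the reply is matched on host and ordering alone.
    """
    pending, results = {}, []  # pending: destination -> (frame, service)
    for line in capture.splitlines():
        m = ROW.fullmatch(line)
        if m is None:
            continue
        frame, src, dst, proto, info = m.groups()
        syn = SYN.match(info)
        if proto == "TCP" and syn:
            pending[dst] = (int(frame), syn.group(1))
        elif src in pending:
            first, service = pending.pop(src)
            outcome = ("rejected" if proto == "ICMP" and "unreachable" in info
                       else "accepted" if "[SYN, ACK]" in info else "other")
            results.append((first, src, service, outcome))
    return results

def file_sharing_egress(capture):
    """SYNs to SMB/NetBIOS services on hosts outside private address space."""
    return [(frame, dst, service) for frame, dst, service, _ in syn_outcomes(capture)
            if service in FILE_SHARING and ipaddress.ip_address(dst).is_global]

if __name__ == "__main__":
    print(syn_outcomes(CAPTURE))
    print(file_sharing_egress(CAPTURE))
```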

-----Original Message-----
From: rms () computerbytesman com [mailto:rms () computerbytesman com]
Sent: Wednesday, November 08, 2006 1:55 PM
To: FunSec [List]
Subject: Re: [funsec] What's up with Slashdot and Outlook

I'm using the built-in HTML editor in Outlook and not the Microsoft Word
editor.  The Outlook HTML editor might just be IE.  Later today, I'll give
the Outlook Word editor a shot also.

Richard


Which editor are you using ("you" being those with the problem)? I
can't see where a sniffer would figure it out unless it was a
universal issue.



On 11/8/06, John LaCour <johnlacour () gmail com> wrote:
I see the same thing.   Outlook 2003 11.8010.8107 SP2

I think Outlook is just slow rendering the HTML.  It may be going
out and grabbing the page as well.   Haven't bothered looking
at a sniffer...


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

