Security Incidents mailing list archives
RE: Yahoo Messenger Stale Sessions
From: <Leonard.Ong () nokia com>
Date: Wed, 13 Nov 2002 09:38:58 +0800
Hello All, During my observation in daily use of Yahoo Messenger, my computer has "stale/zombie" sessions. For example, If i have received/message a friend, yahoo will normally make a direct connection from my PC to my friend. From Netstat result, you can see a high port on my computer is having an Established session with my peer's:5101 port. The issue is, after a contact has gone offline (dial-up), the state established in the netstat will remain until the next day. I wouls see this as a vulnerabilities, since an arbitrary user can assume the IP Address was used (dial-up->dynamic ip assignment), and use this established session to assume it. Any idea ? Regards, Leonard Ong Network Security Specialist, APAC NOKIA Email. Leonard.Ong () nokia com Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Yahoo Messenger Stale Sessions Leonard.Ong (Nov 13)
- RE: Yahoo Messenger Stale Sessions David Gillett (Nov 13)
- RE: Yahoo Messenger Stale Sessions John Fitzgerald (Nov 14)
- <Possible follow-ups>
- Re: Yahoo Messenger Stale Sessions BANIER Jeremie (Nov 14)
- RE: Yahoo Messenger Stale Sessions David Gillett (Nov 13)