Vulnerability Development mailing list archives
Re: Exploiting any network protocol with secondary data channels opened from the server
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sun, 19 Mar 2000 12:23:10 +0100
Blue Boar wrote:
> I don't suppose Sandboxed Java Applets have any legal way to determine which ports are open on the machine they're running on, do they?
Something struck me as a possibility here. I don't know the first thing about Java, but I'm wondering if the socket interface in the standard Java libs has some similarities to standard BSD sockets.

If you're allowed to issue "bind(socket,sockaddr);" equivalent requests in Java, you can loop requests from local ports 0 to 65535 and see which ones you are NOT allowed to bind. The ones you are not allowed to bind are likely the ones that are already taken by some application. This may be listening server ports or simply other dynamically allocated ports.

With some "intelligence" in the applet you can probably guess which ports are interesting and which ones are not. (Or simply try to bind a few ports that you know to be interesting beforehand.)

AGAIN, NOTE: I have NO idea if the above works. It'd be nice if someone with a bit of experience in Java could verify if it does. (Specifically: is there even a "bind" equivalent?)

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se
E-mail: mikael.olsson () enternet se
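Added example, not part of the original post: the bind-failure signal described above, shown against the BSD socket API from Python rather than Java, so it does not answer the Java question. It probes only sockets the script itself opens on loopback; the names `probe_bind` and `demo` are made up for this illustration. It shows what a sandbox leaks if it lets untrusted code call bind: a listening socket and a merely bound one look identical to the prober.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"

def probe_bind(port, host=LOOPBACK):
    """Try to bind a TCP socket to host:port and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))          # no SO_REUSEADDR: conflicts are reported
        return "free"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in-use"           # some socket already owns this port
        if e.errno in (errno.EACCES, errno.EPERM):
            return "denied"           # policy refusal, e.g. a privileged port
        return "error"
    finally:
        s.close()

def demo():
    """Open two sockets of our own, probe them, close them, probe again."""
    # A listening server socket on an OS-chosen port (constructed sample).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))
    listener.listen(1)
    # A socket that is only bound, standing in for a dynamically
    # allocated port that is not accepting connections.
    bound_only = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bound_only.bind((LOOPBACK, 0))

    lport = listener.getsockname()[1]
    bport = bound_only.getsockname()[1]
    while_open = (probe_bind(lport), probe_bind(bport))

    listener.close()
    bound_only.close()
    after_close = (probe_bind(lport), probe_bind(bport))
    return while_open, after_close

if __name__ == "__main__":
    print(demo())
```

The "denied" result is a separate outcome from "in-use", so a policy that refuses every bind from untrusted code removes the signal, while one that lets bind reach the OS does not.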