Vulnerability Development mailing list archives

Re: getcat.com -- IE CueCat Spy on you.

From: Richard Rager <kb8rln () PENGUINMASTER COM>
Date: Fri, 8 Sep 2000 11:18:15 -0600

I have too apologies to the list.  Phil Dyer sent me an email to point
something out to me.  I was running nothing else on my box that could of
caused any packets to flow.  So I did not read really close.

On Fri, 8 Sep 2000, Richard Rager wrote:

Ok I was having problem goto to www.CueCat.com so I looked with tcpdump
to see what was going on.  The CueCat site was tring to connect to my
computer netbios port.  Here is the proof.


10:33:51.938023 > 209.81.164.237.3991 > 216.34.143.198.www: S
[ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss
1484,sackOK,timestamp 34033191 0,nop,wscale
0> (DF)


  My Ip address was 209.81.164.237

  getcat.com is at 216.34.143.198

10:34:27.376489 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R
0:0(0) ack 35808594 win 0 (DF)


  The Netbios was comming from 209.81.216.169.

Thank you again for Phil for telling my this.  I did have one other person
say this: It is Stander for Windows to do this if it can not do a reverse
IP lookup. Is this true?




Thanks again.


Richard Rager

Current thread:

getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 08)
- Re: getcat.com -- IE CueCat Spy on you. Doug Kahler (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 12)
- <Possible follow-ups>
- Re: getcat.com -- IE CueCat Spy on you. Oliver Friedrichs (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Doug Davis (Sep 12)