Vulnerability Development mailing list archives
Re: getcat.com -- IE CueCat Spy on you.
From: Richard Rager <kb8rln () PENGUINMASTER COM>
Date: Fri, 8 Sep 2000 11:18:15 -0600
I have too apologies to the list. Phil Dyer sent me an email to point something out to me. I was running nothing else on my box that could of caused any packets to flow. So I did not read really close. On Fri, 8 Sep 2000, Richard Rager wrote:
Ok I was having problem goto to www.CueCat.com so I looked with tcpdump to see what was going on. The CueCat site was tring to connect to my computer netbios port. Here is the proof. 10:33:51.938023 > 209.81.164.237.3991 > 216.34.143.198.www: S [ECN-Echo,CWR] 1634597875:1634597875(0) win 4452 <mss 1484,sackOK,timestamp 34033191 0,nop,wscale 0> (DF)
My Ip address was 209.81.164.237 getcat.com is at 216.34.143.198
10:34:27.376489 > 209.81.164.237.netbios-ssn > 209.81.216.169.1957: R 0:0(0) ack 35808594 win 0 (DF)
The Netbios was comming from 209.81.216.169. Thank you again for Phil for telling my this. I did have one other person say this: It is Stander for Windows to do this if it can not do a reverse IP lookup. Is this true? Thanks again. Richard Rager
Current thread:
- getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 08)
- Re: getcat.com -- IE CueCat Spy on you. Doug Kahler (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Richard Rager (Sep 12)
- <Possible follow-ups>
- Re: getcat.com -- IE CueCat Spy on you. Oliver Friedrichs (Sep 12)
- Re: getcat.com -- IE CueCat Spy on you. Doug Davis (Sep 12)