[Dshield] little experiment

Brance Amussen :)_S brance at jhu.edu
Tue Mar 1 17:27:39 GMT 2005


I know it is a dumb question, and I swear I know the answer, but... 

How do you get the "behind firewall address"?? 
I thought at one time I could see this in Ethereal, but just tried a grab
and I don't see it.. 

Thanks! 

Brance :)_S
 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Tuesday, March 01, 2005 8:29 AM
To: General DShield Discussion List
Subject: Re: [Dshield] little experiment


Thanks for all the feedback! I am trying to wrap up my responses in this one
email:

- Some of the "broken page" issues where due to me making adjustments
   last night ;-). Some "fixing the running train" as I was scanning the
   logs.

- SP2 detection needs work. I think it only works well with Internet
   Explorer. Have to see what the exact magic string is in Firefox.

- the UDP scan is unreliable, and does show ports as open that are not.
   Maybe I should drop it. There is no good way to scan UDP.

- it looks like it has some bug if your local ip is reported as
   127.0.0.1 ;-). This can happen with some proxy/vpn configurations.

- 10 port scans can be run at the same time. I don't think that limit
   was reached yesterday. There should be a note to that respect if the
   limit is hit.

- I think the browser crasht aht was reported may be due to the
   fact that I use javascript xmlhttp. I started using it because
   (a) its way cool, (b) google uses it, so I consider it 'ready'

- I will add port 22 and 25 to the tcp port scan list.

- the page will probably only work in MSIE and Firefox. Other browsers
   may / may not work. The problem is that as I get more and more into
   using browser specific tricks to figure out some of the intormation,
   I can't support them all (see the XP SP2 issue).






More information about the list mailing list