Jump to content
begood

A new zombie port scanning attack - Full Disclosure

By begood, in Stiri securitate

Recommended Posts

begood Newbie

begood

Posted
Posted

Hello fd-list folks.

I recently demonstrated at Athcon, a new security conference taking place

in Athens - Greece, a new stealthy port scanning attack that is made

possible by abusing XMPP. The technique uses a "zombie" host (that can be

anyone in your [most probably fake] friend/contact list) and some timing

calculations in order to conduct a portscan through that proxy to any

target. The IP address is never revealed to the scanned victim, the same

way the famous idle/zombie scan, discovered by antirez, works.

The idea, a proof of concept pidgin patch and a detailed analysis can be

read in the paper.

You can find the whitepaper here:

http://sock-raw.org/papers/abusing_network_protocols

and the presentation slides:

http://sock-raw.org/papers/anp_presentation.pdf

It is interesting to see how protocols like seemingly "innocent" protocols

like XMPP can still be abused to do things like the above attack.

Regards,

ithilgore

Full Disclosure: A new zombie port scanning attack

--

http://sock-raw.org

ithilgore (ithilgore) on Twitter

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...