[PLUG] Possible security issue
MJang
mike at mommabears.com
Sat May 1 15:30:21 UTC 2010
Folks,
Been experimenting a bit with nc. As such, I've been seeing how it
connects from system to system. To that end, I started an Apache server
on my laptop (on Hardy Heron). After a bit, I ran the following command
to see if the nc from another system would show up.
netstat -atun
Well, it didn't, but I soon got a bunch of entries similar to
tcp 0 0 10.168.0.111:44535 xxx.yyy.zzz.aaa:80 ESTABLISHED
Where xxx.yyy.zzz.aaa are public addresses from places like FL and MA.
It's not like I have anything but the standard "It works" page on that
Apache server.
And I have a pretty standard (though old) firewall on the router, with
port forwarding set up (for the most part) to some non-existent systems
on my local private IP net. My laptop is not one of them.
So there's a weakness somewhere. I don't have MS running anywhere (at
the moment) Any suggestions on where I should look?
Thanks,
Mike
More information about the PLUG
mailing list