That's correct. The connect message was caused by the -v flag from
netcat and was basically there to prove that netcat connected each
time. But regardless of the length of the random string, bittorrent
didn't respond.
On 8/24/07, Antonio Augusto (Mancha) <mkhaos7@gmail.com> wrote:
I think this is a bit wrong.
For what i can say, the response you got "Connection to localhost 6881
port [tcp/*] succeeded!", means taht there was a server listning to
that port and he answered your SYN request.
This doesn't mean he answered any of the packets you sent to it.
Cheers,
KM
On 8/24/07, Paul Melson <pmelson@gmail.com> wrote:
On 8/23/07, John Lampe <jwlampe@tenablesecurity.com> wrote:
I know for a *fact* that it can be passively detected :-) We wrote a
bunch of passive detection plugins for our PVS product.
Yup. Snort's had signatures for it for a couple years. ;-)
port = 6881; # bittorrent
#port = 63180; # mutorrent
for (i=0; i<95; i++) {init = string(init, raw_string(rand() % 256));}
for (i=0; i<96; i++) {req = string(req, raw_string(rand() % 256));}
I can't seem to recreate this:
$ perl -e 'for (my $i=0; $i <= 90; $i++) {print chr(int(rand 255));}' |
nc
-v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 95; $i++) {print chr(int(rand 255));}' |
nc
-v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 96; $i++) {print chr(int(rand 255));}' |
nc
-v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 100; $i++) {print chr(int(rand 255));}' |
nc
-v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
$ perl -e 'for (my $i=0; $i <= 1000; $i++) {print chr(int(rand 255));}' |
nc
-v localhost 6881
Connection to localhost 6881 port [tcp/*] succeeded!
If you care, the client is bittorrent-curses 4.4.0 on OpenBSD (it's what
I
had quick access to). I haven't tried your nasl code in Nessus, so maybe
I'm missing something. But if I understand your previous post, this
should
elicit some response from a seeding client, and in my case it doesn't.
PaulM
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
Informação & Segurança - Informações para sua segurança na rede.
http://info-seg.blogspot.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
