
A new zombie port scanning attack







Hello bugtraq-list folks.

I recently demonstrated at Athcon, a new security conference taking place
in Athens - Greece, a new stealthy port scanning attack that is made
possible by abusing XMPP. The technique uses a "zombie" host (that can be
anyone in your [most probably fake] friend/contact list) and some timing
calculations in order to conduct a portscan through that proxy to any
target. The IP address is never revealed to the scanned victim, the same
way the famous idle/zombie scan, discovered by antirez, works.
The idea, a proof-of-concept Pidgin patch and a detailed analysis can be
read in the paper.

You can find the whitepaper here:
http://sock-raw.org/papers/abusing_network_protocols 
and the presentation slides:
http://sock-raw.org/papers/anp_presentation.pdf 

It is interesting to see how seemingly "innocent" protocols
like XMPP can still be abused to do things like the above attack.

Regards,
ithilgore

-- 
http://sock-raw.org 
http://twitter.com/ithilgore 
