RE: Yahoo Messenger Stale Sessions

From: Leonard.Ongat_private
Date: Tue Nov 12 2002 - 17:38:58 PST


    Hello All,
    
    During my observation in daily use of Yahoo Messenger, my computer has "stale/zombie" sessions. For example, if I have received/messaged a friend, Yahoo will normally make a direct connection from my PC to my friend. From the netstat result, you can see a high port on my computer having an ESTABLISHED session with my peer's port 5101.
    
    The issue is, after a contact has gone offline (dial-up), the established state in netstat will remain until the next day. I would see this as a vulnerability, since an arbitrary user can assume the IP address that was used (dial-up -> dynamic IP assignment), and use this established session to assume it.
    
    Any idea?
    
    
    Regards,
    Leonard Ong
    Network Security Specialist, APAC
    NOKIA
    
    Email.  Leonard.Ongat_private
    Mobile. +65 9431 6184
    Phone.  +65 6723 1724
    Fax.    +65 6723 1596
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
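
One way to watch for the condition described in the message above, as an added example that is not part of the original post: compare periodic `netstat` snapshots and report sessions to port 5101 that have stayed ESTABLISHED past a threshold. The Windows `netstat -an` column layout, the function names, the 12-hour threshold and the sample snapshots are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

PEER_PORT = "5101"  # peer port named in the post

def established_peers(netstat_text):
    """Return {(local, remote)} for ESTABLISHED TCP sessions to PEER_PORT.
    Assumes Windows `netstat -an` columns: Proto, Local, Foreign, State."""
    found = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[0] == "TCP" and cols[3] == "ESTABLISHED":
            if cols[2].rsplit(":", 1)[-1] == PEER_PORT:
                found.add((cols[1], cols[2]))
    return found

def long_lived(snapshots, max_age):
    """snapshots: time-ordered list of (datetime, netstat text).
    Return {(local, remote): age} for sessions present in every snapshot
    since first seen and at least max_age old at the last snapshot."""
    if not snapshots:
        return {}
    first_seen = {}
    for when, text in snapshots:
        # A session missing from a snapshot is dropped; if the same pair
        # shows up again later its clock restarts.
        first_seen = {c: first_seen.get(c, when) for c in established_peers(text)}
    last = snapshots[-1][0]
    return {c: last - t for c, t in first_seen.items() if last - t >= max_age}

# Constructed sample data (documentation address ranges), not real captures.
T0 = datetime(2002, 11, 12, 9, 0)
SNAPSHOTS = [
    (T0, """
  TCP    192.0.2.10:3021    203.0.113.7:5101     ESTABLISHED
  TCP    192.0.2.10:3040    198.51.100.23:5101   ESTABLISHED
  TCP    192.0.2.10:3055    198.51.100.80:80     ESTABLISHED
"""),
    (T0 + timedelta(hours=8), """
  TCP    192.0.2.10:3021    203.0.113.7:5101     ESTABLISHED
  TCP    192.0.2.10:3040    198.51.100.23:5101   TIME_WAIT
"""),
    (T0 + timedelta(hours=24), """
  TCP    192.0.2.10:3021    203.0.113.7:5101     ESTABLISHED
  TCP    192.0.2.10:3102    198.51.100.23:5101   ESTABLISHED
"""),
]

if __name__ == "__main__":
    for (local, remote), age in long_lived(SNAPSHOTS, timedelta(hours=12)).items():
        print(f"{local} -> {remote} ESTABLISHED for at least {age}")
```

A long-lived session is only a candidate: netstat alone cannot tell whether the peer is still there, so flagged entries need to be checked against contacts known to have gone offline.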
    



    This archive was generated by hypermail 2b30 : Wed Nov 13 2002 - 09:07:02 PST