26/11/2001 20:54:26, Magniat_private wrote : >Instead, we can easily bypass the need to crack the hash by simply using >the "IP Agent" supplied by Gibson. Over a year ago, a hacked version of IP >Agent was published that allowed one to supply an address to scan-- Gibson >discounted this as a non-issue, but reportedly fixed IP Agent to perform a >check to prevent this from happening. I reported this information on September 2001 : http://msgs.securepoint.com/cgi-bin/get/bugtraq0009/9.html Apparently, Steve Gibson still use a silly method to check for IP adresses to scan .... Quoting him : "As you'll see, this next-generation scan cannot be "faked out" in the same fashion since it deliberately maintains open and active connections to the user's target browser and penetrates NAT routers and firewalls" :) Nicolas Grégoire Exaprobe (http://www.exaprobe.com)
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 08:46:18 PST