I'm getting lazy (and some say slow) in my old age, but I tripped over something interesting and was wondering if anyone wanted to run with it. http://docs.real.com/docs/proxykit/rtspd.pdf Scroll down to Protocol Semantics, and look at the general syntax of the SETUP method. Right off it looks like the protocol will support UDP and TCP bounce scans. Also there's several potentially user definable fields there that have to be parsed. I'll bet there's more than one parsing or bof exploit there. You might find it running on a cable company proxy near you. z
This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 18:04:15 PST