Dhiraagu Proxy Server Compromised...
Jaa Posted the following article on his blog... i think it still works... its sad that dhiraagu did not respond to his repeated mails pointing out the flaws...this flaw could mean that anyone can view ppls traffic... their trends etc... capture passwords.. logins.. an god knows wat else.... dhiraagu plz respond to this now... ur prolly gonna have ppl pretending to be proxy servers or ftp servers by the end of the day....
http://jaa.technova.com.mv/archives/31-I,-Dhiraagu-proxy-server.html
i tried this out as well to see if it works... attached is screenshot of sniffers.. 10/11/2005
waiting for dhiraagu to respond to flaw asap... im a dhiraagu user an i def dont want my traffic to be intercepted... :)
UPDATE: 12/11/2005....
the issue still isnt fixed... below is a screenshot for 12/11/2005-
There has been some question as to how easy it is to do "evil" stuff with this... granted this is jus a dialup connection with a packet sniffer... but lets face it... jaa is right u CAN do a lot of things with this... setup a proxy to listen on port 8080... redirect some pages... log passwords... granted takes some time and effort... an a lil understandin of how all this works.... but doable...
and even if nothin is doable...it shouldnt be possible to view this requests.... that in itself is a big FLAW....well seems dhiraagu knows abt Jaa's post now....waitin an waitin for dhiraagu to fix it...
Hmm... wonder if focus infocom servers are the same??
_______________________________
Disclaimer: This article and opinions included in it are highly judgmental and not intended to be believed as seen. This post represents the unofficial view of the voices in my head after much debate. don’t quote me on that; don’t quote me on anything :) If u think this works.. good for you.. If u think it wont.. good for you too... The only reason we are here is coz these things if not addressed affects us users directly!! As always use grey matter as intended for use, drink lots of water, don't smoke, and wear plenty of sunscreen.
posted by Daadi @ 9:43 PM
14 Comments:
Impressed ...
greetings d00d.
It is so nice to know that Maldivians are so much open to technologies (everyone owns a blog).
Though, as someone who do not own an Internet connection or a telephone line. I am so much impressed with the enthusiasm of Maldivians towards technology.
While i was checking email (which i do not very often, as i do not own an Internet connection), a close friend of mine forwarded me some URLs and I here i am reading them and thought i would also pass a comment or too.
Everyone knows that living in the Maldives (male) is like mere hell, but do we have a choice.
Talk about the huge tarrifs of Internet (dhiraagu, focus etc)
Has anyone thought about the huge prices of STELCO, and the state water supply. I sure can live without an Internet connection but i am very much concerned about the prices of the electricity and water in Male.
But do we have a choice other than whine about it. :)
Any way, I am very curious about this line from ur blog.
"u CAN do a lot of things with this... setup a proxy to listen on port 8080... redirect some pages.. spoof a domain.. log passwords... granted takes some time and effort... an a lil understandin of how all this works.... but doable..."
My dear, i am NOT doubtful but, this apparently will not work.
Did you know anything about TCP/IP networking and have u ever heard about OSI layers - which is the foundation of Ethernet networking as we know it now.
have a quick look at http://en.wikipedia.org/wiki/ISO_protocol_suite
You maybe able to impersonate a proxy server or any other for that matter, and you could capture as much packets as possible but are they packets- but do you even know how to read states of TCP/IP protocols - do you even know the meanings of TCP connection states. FIN, AWK, EST etc.
i have one advice for you please do not talk about this technology without knowing the know-how. you could get into lot of troubles.
Anway i do not have lot of time to write in here.
good nite
yo d00d
ssup d00d
wat TCP/IP d00d??
i dun understand d00d
mind explaining it a bit m0re d00dley??.
"(everyone owns a blog)"
d00d mind givin me ur bl0gs link??
"I sure can live without an Internet connection but i am very much concerned about the prices of the electricity and water in Male."
tell u s0mething d00d
every0nes n0t like u. different ppl have different needs, s0 there are ppl wh0 cant live with0ut internet.
and
why d0nt u make ur 0wn bl0g f0r stelc0 and water supply shit?
and g00d day d00d
dear anonymous intellectual fellow who started his comment with "greetings d00d".
i know its very apparent why it should not work. that's what you've been taught - and happens to something we all take granted for. but then the point of this "discovery" is that this IS happening and is against all notions we hold dear. theory aside, when this works for in practice we are required to go back to drawing boards and analyse.
"and you could capture as much packets as possible but are they packets" : i leave to the lord to interpret what that is supposed to mean... im left bewildered.
as for TCP/IP connection states, i assume you are refering to the control bits in the TCP header. FIN you mentioned exist surely but EST and AWK are "states" I've never heard of... they exist maybe in a parallel universe...
i have one advice too. but rather than write my own advice, i'd like to mirror your advice back to you:
"please do not talk about this technology without knowing the know-how. you could get into lot of troubles."
toodles.
dear d00d...
lets say i donno much abt TCP/IP,UDP,CAT,BAT,GMT,and acronyms.com
fact of the matter is.. if u click yourself over to jaa's blog... ud find a lot of the answers you're lookin for...
if u missed the link.. its
http://jaa.technova.com.mv/archives/31-I,-Dhiraagu-proxy-server.html
and my concern is not with the ACK PAK and the SAC... its that if this is possible from MY ISP...and all i have been asking is for a quick fix mind you..
g000d day d000d
fatty,
y dont u check focus and lets see whoes the matures here....
"y dont u check focus and lets see whoes the matures here...."
d00d wtf does that mean??
mind explaining it in proper english? or in dhivehi perhaps?
watever the d00d guy said..
i dont have a frikkin clue wat that means :S
This is interesting.....
As for Mr.Dood!! Watch out...i guess they gona raise the stelco tariff again boooooooooooooo......
Save your penny for the bill rather than comment on blogs ;)
Hehe....
MX
i miss Mr. d00d.
i guess he's saving his money now
to pay the bills eh?....
maybe he didnt pay his internet bills...
i heard that someoone got visited by the blue collars and got threatened with denial of service and/or legal action. any insights on this?
hehe.. primary0.. something like it... something but not quite.. :D
Post a Comment
<< Home