Re: Just a Windows-Security thought...
- Posted by Hawke' <mikedeland at NETZERO.NET> Jul 15, 2000
- 387 views
i dont profess to be an expert here... but here goes...

its a lot easier to monitor ports that are not active when u begin monitoring them, as opposed to ports that are already active... to snoop a port that is already sending/receiving information quickly brings up ethical issues as to the application of said port sniffer/snooper...

for example, its quite easy to run a program that listens to port 23, and basically takes over the receiving of new connections to that port, which is the default telnet login port. from there, u can mimic the login procedure of that host and scoop passwords in droves, and once the unsuspecting user has finished entering name/password, u simply hand that information off to the -real- host, and store your newfound data in a text file...

another unscrupulous application is piggybacking port 110 and other nearby ports, as well as port 25 for pop and smtp, respectively, and reading thousands of emails daily, potentially, that were not sent encrypted.

so... ethical issues aside...

winsock.dll and wininet.dll will likely have many many handy functions to link to, to create a firewall, a sniffer or a snooper. furthermore, u can use the code in the server i wrote, and the sublibraries that it was built from to easily create such a sniffer. im not sure what state that server code is in anymore, but there are many code fragments that will assist u contained within it. last time i fired the server up here, locally, on the version i have stored here locally, it performed quite nicely, and i THINK the latest version is indeed echoed to the link on the web.

if not, it's really close to the same versions and the slight differences should be nearly meaningless... i had been playing with it, and tweaking it a little bit here locally to fix a really minor bug that was aggravating me, but that bug was not something that affects the code that allows connections to be made or anything like that... was simply a nuisance bug that affected me personally mostly heh...

winsock2 allows u to have something like 65000 ports on your system... as far as a firewall program is concerned, you would have to lock all those ports with a for loop. sample code for this might be gleaned from server.exw where the actual server is created... OnLoadWin and HandleAsynchMessage are good proc's to peruse... im thinking u would wanna lock up all ports first, then use an ini file to set the -allowed- ports with some sort of code that dictates if that port can send/receive or both, like:

    ***Telnet Definition
    INBOUND:23
    OUTBOUND:23
    ***Email Definition
    INBOUND:109..112    --note the use of .. for RANGES...
    OUTBOUND:109..112   --*very* important that a firewall can do ranged ports
    INBOUND:25
    OUTBOUND:25
    etc...

this is just an example of how i might set up the ini file for the firewall. u can get much more advanced in these rule assignments, such as allowing the packets to be forwarded/echoed back to a local lan to a specific machine behind the firewall.

you might wanna look really hard at SyGate, a firewall/proxy program for windows that i personally use and highly recommend for anyone needing a proxy/firewall.... i used to use WinGate but SyGate is far far superior imo. and no, i dont get paid for that plug :)

SyGate's apprule.cfg file is of special note here to anyone wanting to code a euphoria firewall....

hopefully, i have pointed you to some decent places for info... Jesus' thermometer program is good for learning with, and there is this email program thang i seem to remember being in the archives as well...

ta--Hawke'

> ----- Original Message -----
> From: PQ
> To: EUPHORIA at LISTSERV.MUOHIO.EDU
> Sent: Saturday, July 15, 2000 11:07 AM
> Subject: Just a Windows-Security thought...
>
> Hi,
>
> Just a thought, does anyone know how to use some dll's in Windows to monitor the in- and outgoing traffic of network-ports while they are in use by an Internet explorer.
>
> This must be possible, right? Firewalls use it, right?
>
> Thanks,
> PQ
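Added example, not code from this post or from Hawke's server: a Python (rather than Euphoria) parser for the default-deny rule file sketched in the reply above, handling `***` headings, `--` trailing comments and `..` port ranges, plus the per-direction lookup a firewall would run before letting a port send or receive. The function names `parse_rules` and `is_allowed` and the sample rule text are this example's own; the only facts assumed are the rule format from the post and the 1..65535 TCP/UDP port range.

```python
import re

# Constructed sample, written in the INBOUND/OUTBOUND format from the post above.
SAMPLE_RULES = """\
***Telnet Definition
INBOUND:23
OUTBOUND:23
***Email Definition
INBOUND:109..112   --note the use of .. for RANGES...
OUTBOUND:109..112  --*very* important that a firewall can do ranged ports
INBOUND:25
OUTBOUND:25
"""

DIRECTIONS = ("INBOUND", "OUTBOUND")
# DIRECTION:port  or  DIRECTION:lo..hi  (comments already stripped)
RULE_RE = re.compile(r"^(INBOUND|OUTBOUND):(\d{1,5})(?:\.\.(\d{1,5}))?$")


def parse_rules(text):
    """Return {direction: [(lo, hi), ...]}; raise ValueError on any malformed line.

    Refusing to load a file with a bad line is deliberate: with a default-deny
    policy, silently skipping a rule fails closed, but silently accepting a
    mistyped one (e.g. 23..2300) would open far more than intended.
    """
    allowed = {d: [] for d in DIRECTIONS}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("--", 1)[0].strip()     # drop "--" trailing comment
        if not line or line.startswith("***"):   # blank line or *** heading
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised rule {raw!r}")
        direction = m.group(1)
        lo = int(m.group(2))
        hi = int(m.group(3)) if m.group(3) else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"line {lineno}: bad port range {lo}..{hi}")
        allowed[direction].append((lo, hi))
    return allowed


def is_allowed(rules, direction, port):
    """Default deny: a port is open only if some rule range for that direction covers it."""
    return any(lo <= port <= hi for lo, hi in rules.get(direction, ()))
```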