.
. , ( ISO/OSI?) . , ? .
, , , SMTP (RFC 821) (RFC 822) .. . ( , .. ). ,
Received: from [83.239.x.y] (port=41101 helo=kpnc)
    by mx2.mail.ru with smtp
    id 1Ds1ou-0002q6-00
    for 3APA3A@SECURITY.NNOV.RU; Mon, 11 Jul 2005 21:11:52 +0400
Message-ID: <00a401c5863b$f05f7f70$0100a8c0@kpnc>
From: "Kris Kaspersky" <kpnc@somebox.ru>
To: "3APA3A" <3APA3A@SECURITY.NNOV.RU>
References: <1985289168.20050711205823@SECURITY.NNOV.RU>
Subject: =?koi8-r?B?UmU6IOvMycXO1NPLycUg0NLP1M/Lz8zZ?=
Date: Mon, 11 Jul 2005 21:14:03 +0400
MIME-Version: 1.0
Content-Type: text/plain;
    charset="koi8-r"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
:
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Microsoft Outlook Express, . , :
Outlook Express Windows 2000 SP4 ( 2800 ) 2004 . , Outlook Express 2005 Windows 2000, 2005 . , .. , - , , - X-Mailer X-MimeOLE - .
Date: Mon, 11 Jul 2005 21:14:03 +0400
, , 2 . (Windows 2000) : Windows XP, , , - . , .
References: <1985289168.20050711205823@SECURITY.NNOV.RU>
(Message-ID) , . , , The Bat!.
From: "Kris Kaspersky" <kpnc@somebox.ru>
. . .. . .
Message-ID: <00a401c5863b$f05f7f70$0100a8c0@kpnc>
. . - . ( "") , . 00a401c5863b - / "" . Date "" . Kpnc - . , . 0100a8c0 - IP ( little endian). .. 192.168.0.1. RFC 1918 , .. NAT , , . 127.0.0.1 , , Symantec. , .. LSP . , .
Received: from [83.239.x.y] (port=41101 helo=kpnc)
    by mx2.mail.ru with smtp
    id 1Ds1ou-0002q6-00
    for 3APA3A@SECURITY.NNOV.RU; Mon, 11 Jul 2005 21:11:52 +0400
( SMTP HELO, Outlook Express). 83.239.x.y - IP , . (41101). . 1024 , , . , :
Received: from [83.239.x.y] (port=41101 helo=kpnc)
    Mon, 11 Jul 2005 21:11:52 +0400
Received: from [83.239.x.y] (port=18294 helo=kpnc)
    Mon, 11 Jul 2005 21:31:46 +0400
Received: from [83.239.x.y] (port=25896 helo=kpnc)
    Mon, 11 Jul 2005 23:48:02 +0400
Received: from [83.239.x.y] (port=52180 helo=kpnc)
    Tue, 12 Jul 2005 00:21:52 +0400
<>
Received: from [83.239.x.y] (port=37530 helo=kpnc)
    Tue, 12 Jul 2005 23:58:15 +0400
Received: from [83.239.x.y] (port=38040 helo=kpnc)
    Tue, 12 Jul 2005 23:58:22 +0400
< >
Received: from [83.239.x.y] (port=47946 helo=kpnc)
    Wed, 13 Jul 2005 00:14:59 +0400
Received: from [83.239.x.y] (port=37167 helo=kpnc)
    Wed, 13 Jul 2005 00:27:48 +0400
Received: from [83.239.x.y] (port=34185 helo=kpnc)
    Wed, 13 Jul 2005 02:43:57 +0400
<>
Received: from [83.239.x.y] (port=45881 helo=kpnc)
    Thu, 14 Jul 2005 16:46:43 +0400
Received: from [83.239.x.y] (port=47538 helo=kpnc)
    Thu, 14 Jul 2005 16:46:54 +0400
Received: from [83.239.x.y] (port=51689 helo=kpnc)
    Thu, 14 Jul 2005 16:53:45 +0400
, , , ( 24 ) , , . (NAT/PAT) - , D-Link. ( ) , .. .
, "" , , , , .
HTTP
.
: HTTP :
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
    application/vnd.ms-powerpoint, application/vnd.ms-excel,
    application/msword, */*
Accept-Language: en-us
Connection: Keep-Alive
Host: www.security.nnov.ru
Referer: http://www.security.nnov.ru/search/exploits.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
Via: 1.0 DOMSRV
, :
: Windows NT 4.0
: Microsoft Internet Explorer 5.5
: Microsoft Office ( Professional )
: Microsoft ISA Server
: HTTP Internet Explorer
:
. Ethereal -, 3proxy Proxomitron - .
, . Norton Internet Security Referer -
Weferer: EJGDGVCJVTLBXFGGMEP:.
Outpost ( ) Field blocked by Outpost Firewall Field blocked by Outpost.
, .
. , . , . - - , , - , . , , , . . , Proxomitron. , , , , , .
:
: Microsoft Internet Explorer ( ), .
-: Proxomitron ( - ).
:
- - ( 1), , - Proxomitron.
? , . , Proxomitron - , . "" Internet Explorer Internet Explorer
http://www.server.domen/[1024x'A'], ? Internet Explorer . Proxomitron . .
- . "" ( "Etherleak"). :
PUSH -
TCP, , "" ( PUSH TCP-). , , PUSH, , write/send .
, .
, , . ? , , FTP Web- . , ( 1024 ). , , . , .
:
- , "" . , , .
Gameland