• Re: A true rescan of this echo

    From Wilfred van Velzen@2:280/464 to Bj”rn Felten on Thu Apr 20 13:27:42 2017
    * Originally in JAMNNTPD
    * Crossposted in IPV6
    Hi Bj”rn,

    On 2017-04-20 13:02:39, you wrote to All:

    I've got some requests for a rescan of this echo, and here you go:

    http://eljaco.se/FILES/Billing/JAMNNTPD.rar

    Got it:

    # wget http://eljaco.se/FILES/Billing/JAMNNTPD.rar
    --2017-04-20 13:26:21-- http://eljaco.se/FILES/Billing/JAMNNTPD.rar
    Resolving eljaco.se (eljaco.se)... 2001:470:27:302::2, 90.231.158.147 Connecting to eljaco.se (eljaco.se)|2001:470:27:302::2|:80... failed: Connection refused.
    Connecting to eljaco.se (eljaco.se)|90.231.158.147|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 566295 (553K) [application/octet-stream]
    Saving to: ‘JAMNNTPD.rar’

    But your http server on IPv6 seems to be broken?

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.7-B20170419
    * Origin: FMail development HQ (2:280/464)
  • From Alexey Vissarionov@2:5020/545 to Wilfred van Velzen on Thu Apr 20 15:25:12 2017
    Good ${greeting_time}, Wilfred!

    20 Apr 2017 13:27:42, you wrote to Bj”rn Felten:

    I've got some requests for a rescan of this echo, and here you go:
    http://eljaco.se/FILES/Billing/JAMNNTPD.rar
    # wget http://eljaco.se/FILES/Billing/JAMNNTPD.rar
    Connecting to eljaco.se (eljaco.se)|2001:470:27:302::2|:80...
    failed: Connection refused.
    But your http server on IPv6 seems to be broken?

    He uses very strange setup of M$ IIS, which even discloses inner IP address:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.1
    Content-Location: http://192.168.0.220/index.html
    Date: Thu, 20 Apr 2017 12:25:40 GMT
    Content-Type: text/html
    Accept-Ranges: bytes
    Last-Modified: Mon, 19 Jan 2015 22:52:42 GMT
    ETag: "78c025a23a34d01:a3c"
    Content-Length: 2307

    I guess it's running behind a IPv4 NAT.


    P.S.: exxxxxxploitable! :-)

    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii

    ... :wq!
    --- /bin/vi
    * Origin: http://openwall.com/Owl (2:5020/545)
  • From Björn Felten@2:203/2 to Alexey Vissarionov on Thu Apr 20 18:00:55 2017
    I guess it's running behind a IPv4 NAT.

    Yes of course.

    P.S.: exxxxxxploitable! :-)

    How so?


    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Tommi Koivula@2:221/360 to Bj”rn Felten on Thu Apr 20 19:42:31 2017
    Hello, Björn Felten : Alexey Vissarionov.
    On 20/04/2017 7:00 p.m. you wrote:

    P.S.: exxxxxxploitable! :-)
    How so?

    IIS is. :(

    --
    'Tommi

    --- HotdogEd/2.13.5 (Android; Google Android; rv:1) Hotdoged/1480338873000 Hotd
    * Origin: *** nntp://rbb.bbs.fi *** Lake Ylo *** Finland *** (2:221/360)
  • From Björn Felten@2:203/2 to Tommi Koivula on Thu Apr 20 19:14:18 2017
    P.S.: exxxxxxploitable! :-)
    How so?

    IIS is. :(

    Usually yes, but I can assure you, not in my configuration. Just try it.

    I see in my log files several attempts per day, but they all fail miserably. So I'm fairly confident that my system is safe. After all, I was doing this for a living for several decades. If I couldn't get my own system safe, what would all my customers say...? 8-)



    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Tommi Koivula@2:221/1.100 to Bj�rn Felten on Thu Apr 20 20:43:05 2017
    Answering a message from jamnntpd.

    Hello, Bj�rn Felten.
    On 20/04/2017 19:19 you wrote:

    The netsh portproxy should do the trick.
    For the last time: IIS/5.1 doesn't know anything about IPv6.

    Also my OS/2 doesnt know anything about iov6. But still it is connectable by ipv6.

    EOD?

    I repeat, the netsh portproxy can route incoming ipv6 port 80 to ipv4.


    --
    'Tommi
    --- Hotdoged/2.13.5/Android
    * Origin: native ipv6 point (2:221/1.100)