On Jul 12, 2007, at 7:00 AM, Dude VanWinkle wrote:
Do you remember the java applet port scanner that was posted to FD a
while ago? If you visited the site, it would load the applet and scan
cia.gov from your IP address? (kinda like this one:
http://switch.sjsu.edu/v6n2/ztps/, but I dont remember having to click
on "ok" to have the scan kick off..)
Well I am just waiting for some interactive content to allow folks to
load a tiny SMTP server into visiting users JVM's use that to send out
spam..
Could JS be used that way as well?
Not easily:
http://www.mozilla.org/projects/netlib/PortBanning.html
http://kb.mozillazine.org/Network.security.ports.banned.override
I imagine IE has similar restrictions.
Flash or java might have some options, but you have to get around
their security as well:
http://java.sun.com/sfaq/example/port25.html
--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
