----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, November 11, 2002 11:04 AM
Subject: Yahoo Messenger Stale Sessions

> During my observation in daily use of Yahoo Messenger, my computer has "stale/zombie" sessions. For example, if I have received/messaged a friend, Yahoo will normally make a direct connection from my PC to my friend. From the netstat result, you can see a high port on my computer is having an Established session with my peer's:5101 port.
>
> The issue is, after a contact has gone offline (dial-up), the state established in the netstat will remain until the next day. I would see this as a vulnerability, since an arbitrary user can assume the IP address was used (dial-up->dynamic ip assignment), and use this established session to assume it.
>
> Any idea?

Hmm, I'm not an expert in this, but I do realize if the 4-way handshake for terminating a connection is not done properly, e.g. the user switched off his dial-up modem abruptly, it would cause the "stale/zombie" sessions described above. The dial-up machine will not have the opportunity to send the FIN to your machine. You probably need to know the sequence number, source port, destination port as well as source IP and destination IP (which you should know).
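
An added example, not part of the original thread: `peer_sessions` lists ESTABLISHED sessions to peer port 5101 from `netstat -an` text so they can be compared against contacts that are actually online, and `enable_keepalive` turns on TCP keepalive for a socket your own code owns, so a peer that vanished without sending a FIN is eventually detected. The sample netstat output, the addresses and the timer values are constructed assumptions.

```python
import socket

# Constructed sample in the layout of Windows `netstat -an`; the addresses are
# documentation ranges, not values from the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1041        198.51.100.7:5101      ESTABLISHED
  TCP    192.0.2.10:1057        203.0.113.20:80        ESTABLISHED
  TCP    192.0.2.10:1063        203.0.113.44:5101      TIME_WAIT
  TCP    0.0.0.0:5101           0.0.0.0:0              LISTENING
"""


def peer_sessions(netstat_text, peer_port=5101):
    """Return (local, remote) pairs that are ESTABLISHED to peer_port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly four columns; the header row has more.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _, local, remote, state = fields
        remote_port = remote.rsplit(":", 1)[-1]
        if state == "ESTABLISHED" and remote_port == str(peer_port):
            found.append((local, remote))
    return found


def enable_keepalive(sock, idle=60, interval=10, probes=5):
    """Enable TCP keepalive; return True if SO_KEEPALIVE is now set.

    With keepalive on, the stack probes an idle peer and closes the socket
    when the probes go unanswered, instead of leaving it ESTABLISHED.
    The timer values are assumed examples, not recommendations from the thread.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket timers are platform specific; set only the ones available.
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        if hasattr(socket, name):
            sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), value)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


if __name__ == "__main__":
    for local, remote in peer_sessions(SAMPLE_NETSTAT):
        print("ESTABLISHED peer session:", local, "->", remote)
```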
