Lucifer Posted February 9, 2006 Report Share Posted February 9, 2006 My Outpost firewall detects an attack from forum.utorrent.com (207.142.136.45) and tries to scan my ports.I maybe wrong but checking cookies shouldn't scan more than one port, does it? Link to comment Share on other sites More sharing options...
Miffo Posted February 9, 2006 Report Share Posted February 9, 2006 Ive said it before, Outpost is paranoid. To say the least.. Link to comment Share on other sites More sharing options...
Falcon4 Posted February 9, 2006 Report Share Posted February 9, 2006 Cookies don't scan ports. o.O...That's like saying "my piece of paper tried to smash my xerox machine". Uhm, paper doesn't move... and cookies are not programs.(Similarly, cookie "checking" doesn't "scan ports" at all, all the cookies for a site are sent to the server whenever you send a request, that's how you stay logged in... nothing needs to be "scanned" to find cookies)Also, you're using a "firewall", PERIOD. That contributes to problems in and of itself. If you have a router, port scanning can't happen. Lose the damn firewall, unless you're paranoid about outgoing data protection (scoff)... Link to comment Share on other sites More sharing options...
Lucifer Posted February 10, 2006 Author Report Share Posted February 10, 2006 No, i don't have a router and it's a fact that utorrent.com is scanning my ports so the firewall isn't wrong. You don't scan people's ports for no reason, do you?I learn that PHP uses base64 to check cookies on your pc by opening a port in order to identify them. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted February 10, 2006 Report Share Posted February 10, 2006 I learn that PHP uses base64 to check cookies on your pc by opening a port in order to identify them.Where and how?cookies are sent by your browser. the site doesn't connect to you to check them. you connect to the site. Link to comment Share on other sites More sharing options...
Lucifer Posted February 10, 2006 Author Report Share Posted February 10, 2006 I have little knowledge on php but this was told by a friend of mine who's a senior programmer in php & sql so i maybe wrong.Some php cookies containing your username & password are encoded in base64. For authentication, login servers need client computers to send them the base64 encoded request cookie and compares with the database. The server scans your ports and if any are found open, connection will be made using that port. Link to comment Share on other sites More sharing options...
Falcon4 Posted February 10, 2006 Report Share Posted February 10, 2006 That's a crock of crap... I code PHP (haven't you seen my profile? Here's a sample) and I know how cookies work. Password is generally stored in a MD5 hash (one-way encryption) and username is stored as a user number. Both are sent to the server along with whatever other cookies, to keep track of your session on the server (as every single page view is a complete restart of the system, using only the data that you sent to the server). It's nearly impossible to do some kind of "port scanning" in PHP (okay, I'll say it: IM-FUCKING-POSSIBLE). Not to mention that it's completely pointless.No connections are made other than the port 80 for HTTP.Your firewall is wrong.edit: (and you probably just misunderstood your friend) Link to comment Share on other sites More sharing options...
Lucifer Posted February 10, 2006 Author Report Share Posted February 10, 2006 haha, i guess i misunderstood his explanation. Guess i'll just ignore the firewall message ^^Thanks, Falcon4 Link to comment Share on other sites More sharing options...
Falcon4 Posted February 10, 2006 Report Share Posted February 10, 2006 No problem, hope I didn't sound too harsh - I just hate firewalls and "internet protection" products... Link to comment Share on other sites More sharing options...
splintax Posted February 10, 2006 Report Share Posted February 10, 2006 It's nearly impossible to do some kind of "port scanning" in PHP (okay, I'll say it: IM-FUCKING-POSSIBLE). Not to mention that it's completely pointless.Sure about that? How about the µTorrent port checker, isn't that done in PHP?But you're definitely right insofar as that Outpost is 99.99999% sure to be wrong. Unless forum.utorrent.com sending you HTML on port 80 is considered an attack nowadays... Link to comment Share on other sites More sharing options...
Falcon4 Posted February 10, 2006 Report Share Posted February 10, 2006 As in a port checker within µTorrent itself? I can guarantee you that absolutely zero parts of µTorrent are written in PHP. PHP is a web scripting language. Link to comment Share on other sites More sharing options...
Firon Posted February 10, 2006 Report Share Posted February 10, 2006 the port checker is a PHP script on the site Link to comment Share on other sites More sharing options...
Falcon4 Posted February 11, 2006 Report Share Posted February 11, 2006 I'm losing my patience with this site... Link to comment Share on other sites More sharing options...
Ultima Posted February 11, 2006 Report Share Posted February 11, 2006 I'm not sure if you're confused about what we're talking about, but if you are... this is the port checker being discussed:http://www.utorrent.com/testport.php?port=INSERT_YOUR_PORT_NUMBER_HERE=P Link to comment Share on other sites More sharing options...
Falcon4 Posted February 11, 2006 Report Share Posted February 11, 2006 Oh, that's more understandable. Port scanning is impossible in PHP. Port checking is simply done by running an open-socket command on an IP and port number. As I did it in my old sig script (source):$fp = @fsockopen($host,$port,$errstr,$errno,3);The "@" tells it, basically, not to corrupt the image data with an error message if it fails. I could handle failures better, I'm sure, but meh.(To do port scanning on PHP, you'd have to do countless ones of these socket-open commands, and they'd take something like 10 seconds each to time out... that'd take FOREVER!) Link to comment Share on other sites More sharing options...
r00ted Posted February 12, 2006 Report Share Posted February 12, 2006 I've seen this kind of attacks in the past while using Outpost...don't know how it figures. I've had outpost report port scans from methlabs.org (yea....the last time I used Outpost).Now my primary defense is a linksys hardware router, windows xp sp2 firewall. Link to comment Share on other sites More sharing options...
splintax Posted February 13, 2006 Report Share Posted February 13, 2006 Thanks for the link Ultima, I didn't have µT available at the time and was trying portchecker.php Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.