login | register | shoutbox

 What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » General » Forum & Website » Mistruth in FAQ

Mistruth in FAQ
Author: Message:
Burningmace
Junior Member
**


Posts: 20
Joined: Sep 2008
O.P. RE: Mistruth in FAQ
That is not my point. While Messenger Plus! does not open ports for listening, it does connect via the network to other computers on the internet (the update service for one) and these connections are made in the following manner:

1) Resolve the IP address for msgpluslive-update.net
2) Make a connection to this IP address
3) See if there is an update, if there is then download it.

Step 1 is exploitable using DNS spoofing. Step 2 is exploitable (in some cases) using ARP spoofing. Step 3 is exploitable (fake update response sending malware instead of patch) once either step 1 or 2 have been exploited.

In order to determine the update protocol I could simply inject myself between the client and server as a transparent proxy using DNS/ARP spoofing in a classic man-in-the-middle attack, then monitor all network traffic on that connection. I could then follow the messages sent and received and use the information gathered to create my own application that simulates the update server's behaviour.

Other than using an SSL certificate to fully authenticate the server and encrypt network traffic, I am unaware of any feasible method of preventing man-in-the-middle attacks from succeeding.

This post was edited on 09-23-2008 at 11:02 PM by Burningmace.
09-23-2008 11:01 PM
Profile E-Mail PM Find Quote Report
« Next Oldest Return to Top Next Newest »

Messages In This Thread
Mistruth in FAQ - by Burningmace on 09-23-2008 at 07:46 PM
RE: Mistruth in FAQ - by matty on 09-23-2008 at 08:09 PM
RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 08:15 PM
RE: Mistruth in FAQ - by matty on 09-23-2008 at 08:32 PM
RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 09:00 PM
RE: Mistruth in FAQ - by ShawnZ on 09-23-2008 at 09:35 PM
RE: RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 09:51 PM
RE: Mistruth in FAQ - by riahc4 on 09-23-2008 at 10:02 PM
RE: RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 10:11 PM
RE: Mistruth in FAQ - by Voldemort on 09-23-2008 at 10:05 PM
RE: Mistruth in FAQ - by ShawnZ on 09-23-2008 at 10:22 PM
RE: RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 10:27 PM
RE: Mistruth in FAQ - by foaly on 09-23-2008 at 10:44 PM
RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 11:01 PM
RE: RE: Mistruth in FAQ - by segosa on 09-23-2008 at 11:41 PM
RE: Mistruth in FAQ - by Link_of_Hyrule on 09-23-2008 at 11:09 PM
RE: Mistruth in FAQ - by ShawnZ on 09-23-2008 at 11:24 PM
RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 11:31 PM
RE: Mistruth in FAQ - by Burningmace on 09-23-2008 at 11:58 PM
RE: RE: Mistruth in FAQ - by segosa on 09-24-2008 at 12:21 AM
RE: Mistruth in FAQ - by ShawnZ on 09-24-2008 at 12:10 AM
RE: Mistruth in FAQ - by Burningmace on 09-24-2008 at 12:20 AM
RE: Mistruth in FAQ - by WDZ on 09-24-2008 at 12:35 AM
RE: Mistruth in FAQ - by Burningmace on 09-24-2008 at 12:37 AM
RE: RE: Mistruth in FAQ - by segosa on 09-24-2008 at 01:10 AM
RE: Mistruth in FAQ - by Lou on 09-24-2008 at 01:10 AM
RE: RE: Mistruth in FAQ - by Burningmace on 09-24-2008 at 10:09 AM
RE: Mistruth in FAQ - by Menthix on 09-24-2008 at 11:25 AM
RE: Mistruth in FAQ - by Spunky on 09-24-2008 at 01:38 PM


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts 		HTML is Off
myCode is On
Smilies are On
[img] Code is On