What on earth?

Hi Mike: The domain name for IP 66.218.70.35: is v4.vc.scd.yahoo.com on the following server:

P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Fri, 03 May 2002 17:36:15 GMT
ETag: "4b536-dca-3cd2ca8f"

It is Yahoo Voice Chat:
Excerpt: http://vc.yahoo.com:5001/ Info For Network Administrators:

“Yahoo! Voice Chat uses the Real-time Transport Protocol (RTP, described in RFC 1889) for communication between users' computers and the Yahoo! voice servers. A firewall must allow a user's computer to make outgoing TCP connections to ports 5000 and 5001 on our servers. The servers will always attempt to use UDP for voice data, but will use TCP if UDP is blocked (your firewall may log the blocked UDP packets).
Current list of Yahoo! Voice Chat servers (subject to change): “

Hope this helps.

 

Good work Rickster. Now the question, how does someone get a yahoo voice chat server to attack someone? That is certainly more than the regular connection attempts you would expect to see. Those are comming in milliseconds, unless I'm reading the datetime wrong. Also, null packets?
Mike, Yahoo should certainly own up to this as they know good and well about UDP and port 5000.

 

Maybe they are just practicing for tonight.

Heightened Awareness Warranted on August 5-6, 2002 by U.S. Website and ISP Administrators


http://www.dslreports.com/forum/remark,4050805~root=security,1~mode=flat

 

MIKE....and All

Should read:::


http://www.pgp.com/research/covert/advisories/045.asp