Target Host

Discussion in 'Trojan Defence Suite' started by S!x, Jan 1, 2005.

Thread Status:
Not open for further replies.
  1. S!x

    S!x, Registered Member (Joined: Jan 1, 2005; Posts: 51; Location: Ohio, USA)
    Hi everyone,

    I have a question regarding what the target host IP number should be (assuming the target is my machine) when doing a normal scan.

    In the screenshots I have seen, the user's target host (in TDS) seems to be the same IP as local host (127.0.0.1) but mine always shows (0.0.0.0) ... Is there something strange going on with my PC?
    My host file has not been tampered with and still reads 127.0.0.1 (other than a host entry I am assuming was put there by TDS3 " 64.91.255.87 www.dcsresearch.com") ... I can't figure out where the 0.0.0.0 is coming from.

    Look n Stop firewall lists 0.0.0.0 as well for my local IP when I am not connected to the internet.

    I was curious if there are any exploits using this kind of tactic?


    Thanks for any help.
     
    Last edited: Jan 1, 2005
  2. S!x

    Update:

    I have already re-installed the TDS 3 trial version 2 times today :'( ... It will run a few times (full scans revealing nothing) and then it won't start anymore ... I am getting the same error message every time:

    "Component 'ntsvc.ocx' or one of it's dependencies not correctly registered: a file is missing or invalid"

    I know it is the NT service and Control Module ... but I have never received this error before today, and with no other programs I run, and I don't get this error when I re-install TDS3 ... possibly related to the 0.0.0.0 local IP #? ... errant message?

    Anybody have any ideas?
     
  3. Jooske

    Jooske, Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)
    Hi there, I don't remember why localhost can be 127.0.0.1 or 0.0.0.0 but both are OK, I see them both on my system too. If you put something in your hosts file like 127.0.0.1 www.mycomputer.com (make sure the URL you choose doesn't exist in reality or you can get into trouble!) and you'll whois locally to that name.
    If you now install Port Explorer you'll see connections to your local name, just to see the differences.

    In Target Host you can put any IP or URL you like to resolve, trace, whois, do other stuff on.

    I don't know about your .ocx-file, I don't remember it from the required system files, not sure how to register it manually again; can't you get it from the install CD-ROM and won't it register itself properly if you do?
     
  4. TheQuest

    TheQuest, Registered Member (Joined: Jun 9, 2003; Posts: 2,301; Location: Kent. UK by the sea)
    Hi, S!x

    ntsvc.ocx and Here


    Take Care,
    TheQuest :cool:
     
    Last edited: Jan 3, 2005
  5. S!x

    I found out the 0.0.0.0 is caused by a SOCKET that binds to all IP addresses on all interfaces (I have firewire, onboard LAN, and an NIC) ...

    http://www.codeguru.com/Csharp/Csharp/cs_network/article.php/c6041/

    "If a ServerSocket reports its IP address as 0.0.0.0 ...it is bound to INADDR_ANY, i.e. it listens at all interfaces."

    Panda AV had trouble installing its services and TDS 3 was having some trouble as well (fixed) ... I am assuming on one of those same sockets. Not sure what is going on exactly.

    It may be just one of the AVs I was trying out (they usually install LSPs) and something got crossed up ... or it might be something from ... dare I say? ... the dark side

    My gut tells me the next Windows patch will be for some exploit of Netsh ... but I'm no expert. :D
     
    Last edited: Jan 4, 2005
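
Added example, not part of any post in this thread: a Python sketch of the INADDR_ANY behaviour quoted in the last post, showing what address the OS reports for a listener bound to 0.0.0.0 versus 127.0.0.1, and sorting the listeners in `netstat -an`-style output by how widely they are bound. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
"""

def bound_address(host):
    """Bind a TCP listener to host on an ephemeral port; return the IP the OS reports."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        s.listen(1)
        return s.getsockname()[0]

def scope(ip_text):
    """Describe how widely a listener bound to ip_text can be reached."""
    ip = ipaddress.ip_address(ip_text.strip("[]"))
    if ip.is_unspecified:        # 0.0.0.0 or ::, i.e. INADDR_ANY
        return "all interfaces"
    if ip.is_loopback:           # 127.0.0.0/8 or ::1
        return "loopback only"
    return "single interface"

def classify_listeners(netstat_text):
    """Return (local_ip, port, scope) for every TCP socket in LISTENING state."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly four columns; the header row does not.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip_text, port = fields[1].rsplit(":", 1)
        results.append((ip_text, int(port), scope(ip_text)))
    return results

if __name__ == "__main__":
    print("bound to 0.0.0.0   ->", bound_address("0.0.0.0"))
    print("bound to 127.0.0.1 ->", bound_address("127.0.0.1"))
    for ip, port, reach in classify_listeners(SAMPLE_NETSTAT):
        print(f"{ip}:{port}  {reach}")
```

A listener reported as 0.0.0.0 is reachable on every interface the machine has, so those rows are the ones to match against firewall rules; loopback-only rows are not reachable from the network.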