Create an Account
username: password:
  MemeStreams Logo

MemeStreams Discussion


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Abusing WCF to Perform Remote Port Scans - Gotham Digital Science. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
by Security Reads at 10:48 am EST, Feb 22, 2010

Last weekend at Shmoocon, I demonstrated how an attacker can trick certain WCF web services into performing an unauthorized port scan of machines behind a firewall. For those that were not able to attend the talk, the slides are posted here. The part that covers the port scanning technique may not be clear in isolation, so I’ll try and explain it in detail. The problem is related to the WSDualHttpBinding, so in order to understand how the scanning technique works you must first understand some WSDualHttpBinding basics.

Powered By Industrial Memetics