force webpage to a workstation?

[blakdeth77]

Hi sorry I havent looked through the FAQ yet for this but I figured it'd be a specific/complex enough question that it's not in the FAQ and my laptop's almost dead w/o my p/s around... hopefully this is just a quick answer for somebody with more knowlege than myself, I'll try to check tomorrow for any replies... can anyone explain to me (the theory) of ... say there's workstation A- logged on to the internet, surfing webpages, and there's workstation B (say someone like a spammer or advertiser who would want to deliver a webpage to workstation A for marketing purposes with their message and or slogan)...

say workstation B wants to send- or rather *force* a page open (like a popup) on to workstation A's box... isn't port 80 in like a "listen" mode normally for requests?? or... basically what I'm wanting to know is what stops this?? Or is it not normally prevented? I will search the faq for how popups work... maybe that's what I should be reading to answer my question. Just in case, I'll post this. Thanks for any help!!

[XTC46]

popups are normally generated by code on the web page you are looking at (very simple java) or by malware on your computer executing a script that causes programs like messenger or your internet browser to "pop up" a window pointing at a webpage. Generally pop up blockers work by prevent this code from fully executing. So work station B doesnt really do the work, it is just a script on your computer or on a web page you are looking at. To block pop ups, download firefox for one, run adaware/spybot/tons of other really good free tools and cheer as they delete all the bad scripts and prevent more from comming.

[hypronix]

Originally posted here by XTC46
run adaware/spybot/tons of other really good free tools

I still can't believe in this day and age there is a need for this many tools in order to just keep your computer running. Sure everybody runs a firewall and an A/V scanner, but think about the time and processing power required to constantly run these tools to keep your computer running well enough to... well, run.

I could advocate moving to Linux but that's not a topic here. What I will say is that if there is any crackdown on cybercrime the authorities should start with spammers first and foremost, phishers and scammers alike.

Direct spamming could be done theoretically IMO. But AFAIK HTTP still uses SYN/ACK for communication, which means you'd need to access a site for the request to be valid. I guess spoofing a connection wouldn't be a big idea but... why bother when there's so many sites ripe with possibilities?

[XTC46]

Sure direct attacke are possible but the purpose of spam is to hit large amounts of people, direct attacks would take alot more resources then sticking malware on a box through an email or messing with the code for a web page.

[hypronix]

Yeah it would take more resources from the attacker... it's no longer relay servers that are getting clobbered with spam, and direct attacks woould involve somewhat of a fixed base of operations [which a laptop in a netcafe parlour won't suffice for]

But, theoretically speaking, it can be done... As said, there's no justifiable reason for a spammer to waste his/her time and money on something like that.

[shell_coder]

scary... but related link http://www.evilscheme.org/defcon/


-shell coder

[Iron-Kurton]

I know I'm a little late, but if you were trying to redirect someone's browser, there are basically a few ways to do it. Posters before me indicated some of them, while there are still other ways to do it.

For instance, if you had access to Workstation A's host file, you could set a random website (such as google) to direct to another page.

I've had another problem with my Belkin Wireless router. The router would intercept a port 80 request every 8 hours and display their parental control ad page (much to my annoyance). I found out since, one has to turn this "feature" (in Belkin's words) off in parental controls, but as you can imagine, this was VERY unnerving especially if you were in the middle of, say, a credit card transaction or online homework. Makes you think what other kind of information Belkin intercepts, what they send to whom (maybe your web usage statistics in the best case scenario), etc...

That's all I got, hope you're not using Belkin (for anything important).

-ik

P.S. thanks shell_coder for the excellent link