Vulnerability Development mailing list archives
Re: things to break..
From: sebastion () IRELANDMAIL COM (Jeff Bachtel)
Date: Mon, 24 Jan 2000 00:22:24 -0600
Napster has a "feature" where it will decide the proper port on which to operate, especially if you are behind a firewall. Therefore, their server scans you, and ports that you are reachable on (but which are not actually running a service on your machine) are pegged as usable by Napster for serving mp3's.

This is obviously a problem: Napster found out that my NT workstation could be reached on port 80 through a campus firewall, and proceeded to set itself up in that configuration; however, that is definitely against our firewall policy (no, I don't expect Napster to read minds, just to be more explicit about what it's doing and why).

I haven't looked at the code for the Linux Napster client yet (is it even freely available?), but if they don't submit their code and protocol for peer review, I at least won't be using their product (being more than aware what has happened due to Mirabilis' approach to security through obscurity).

jeff

On Sun, Jan 23, 2000 at 10:55:09PM -0600, Matthew S. Hallacy wrote:
> speaking of napster, it seems that it portscans you upon connection to their server, the firewall where i work kept setting off my pager and I found that it was someone loading napster. I've since banned the use of it, but it's still quite curious..
>
> On Sun, 23 Jan 2000 Inedag () AOL COM wrote:
>> since we're on the topic, how about napster? that's in use by a bazillion people .. although i don't know how fair that'd be to the napster people, as i think they're still in beta. just a suggestion.
>>
>> -i