Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: things to break..

From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Tue, 25 Jan 2000 11:30:38 -0500

On Mon, 24 Jan 2000, Jeff Bachtel wrote:

# This is obviously a problem, Napster found out that my NT workstation
# could be reached on port 80 through a campus firewall, and proceeded
# to set itself up in that configuration, however that is definately
# against our firewall policy (no, I don't expect napster to read minds,
# just to be more explicit about what its doing and why).

This was actually the purpose for scanning well-known ports.  We are
currently considering altering our auto-configuration methodology so as to
be less intrusive, and to give the user the choice to auto-configure.
FYI.

# I haven't looked at the code for the linux napster client yet (is it
# even freely available?), but if they don't submit their code and
# protocol for peer review, I at least won't be using their product
# (being more than aware what has happened due to Mirabilis' approach to
# security through obscurity)

Well, the linux napster client is not supported by Napster, Inc.  It was
written completely independently of our help, and originally without our
knowledge.

--jordan
Previous By Date Next
Previous By Thread Next

Current thread: