Vulnerability Development mailing list archives
Re: Reported Kazaa and Morpheus vulnerabilities
From: "Carlos Gaona" <cgaonau () hotmail com>
Date: Mon, 4 Feb 2002 15:20:16 -0500
Thanks for the information about Kazaa, and you're completely right about the possibility of a DoS attack -I don't know where my head was this morning- because these little web servers are extremely vulnerable to security threats and shouldn't be implemented, at least as a "good practice". In practice, and related to what you said, Kazaa doesn't block file download requests made directly through HTTP even if a limit on upload connections is set in Traffic Settings... what does limit the anonymous connections is restricting the bandwidth in Advanced Settings...

Carlos Gaona U.

----- Original Message -----
From: "Jackal" <-jackal- () libero it>
To: "Carlos Gaona" <cgaonau () hotmail com>
Sent: Monday, February 04, 2002 12:35 PM
Subject: Re: Reported Kazaa and Morpheus vulnerabilities

----- Original Message -----
From: "Carlos Gaona" <cgaonau () hotmail com>
To: "Vuln-Dev" <vuln-dev () securityfocus com>
Cc: "HarryM" <harrym () the-group org>
Sent: Monday, February 04, 2002 10:07 AM
Subject: Reported Kazaa and Morpheus vulnerabilities

---- snip ----
As far as I know there is no security threat compromising files beyond the ones that are already shared. Once you download a file through, the software detects and processes it normally. There isn't (as far as I know) anything like " ../ " path problems or unicode related... and I "think" a DoS is not probable.
---- snip ----

Carlos Gaona U.
ndr113 () 350cc com

Creating a DoS attack for Morpheus/Kazaa is quite simple. In fact, only the connections made from other users with the same application can be regulated and detected from the client. Anonymous connections (directly to port 1214/tcp) cannot be detected even by most personal firewalls such as Zone Alarm, 'cause Morpheus/Kazaa needs to be in a totally "Allowed zone" to open connections to outside sources. This "architecture" lets us flood this little web server with HTTP requests, in order to use all the available bandwidth and block Internet access on the target host. Each connection, in fact, will generate a socket in "TIME_WAIT" status on port 1214/tcp (however visible with a simple NETSTAT command on the target host) that will cause the saturation of net resources.

Some months ago, Paul Godfrey (PaulG () Crackdealer com) coded a Morpheus/Kazaa denial of service in Perl... u can find it on the Packetstorm site.

Moreover, u can get a deeper knowledge of Morpheus/Kazaa architecture at: http://www.openp2p.com/pub/a/p2p/2001/07/02/morpheus.html?page=2

Kindly Regards,
Stefano Mele aka The Jackal
< -jackal- () libero it >
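
The quoted message notes that each connection leaves a TIME_WAIT socket on 1214/tcp that is visible with netstat on the affected host. As an added example (not part of the original thread), the following Python sketch counts those sockets per remote address from `netstat -an` output so a defender can spot a single peer piling up connections. The sample output, the addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

KAZAA_PORT = 1214  # port named in the message above

# Matches "local:port  remote:port  STATE" at the end of a netstat -an row.
# [:.] accepts both "addr:port" (Windows/Linux) and "addr.port" (BSD) forms.
ROW = re.compile(r"(\S+)[:.](\d+)\s+(\S+)[:.](\d+)\s+([A-Z_0-9]+)\s*$")

# Constructed sample, shaped like Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1214      203.0.113.7:40211      TIME_WAIT
  TCP    192.168.1.10:1214      203.0.113.7:40212      TIME_WAIT
  TCP    192.168.1.10:1214      203.0.113.7:40213      TIME_WAIT
  TCP    192.168.1.10:1214      198.51.100.9:3120      ESTABLISHED
  TCP    192.168.1.10:1214      198.51.100.9:3121      TIME_WAIT
  TCP    192.168.1.10:3301      203.0.113.7:80         TIME_WAIT
"""

def time_wait_by_peer(netstat_text, port=KAZAA_PORT):
    """Count TIME_WAIT sockets on local `port`, grouped by remote address."""
    peers = Counter()
    for line in netstat_text.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # header rows, wildcard listeners, blank lines
        _local, lport, remote, _rport, state = m.groups()
        if int(lport) == port and state == "TIME_WAIT":
            peers[remote] += 1
    return peers

def suspicious_peers(netstat_text, threshold=3, port=KAZAA_PORT):
    """Remote addresses with at least `threshold` TIME_WAIT sockets on `port`."""
    counts = time_wait_by_peer(netstat_text, port)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in time_wait_by_peer(SAMPLE).most_common():
        print(f"{ip}: {n} TIME_WAIT socket(s) on port {KAZAA_PORT}")
    print("over threshold:", suspicious_peers(SAMPLE))
```

On a live host the same functions can be fed the captured text of `netstat -an`; the threshold should be tuned to what normal peer traffic looks like there.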