Vulnerability Development mailing list archives

Re: Reported Kazaa and Morpheus vulnerabilities


From: "Jackal" <-jackal- () libero it>
Date: Tue, 5 Feb 2002 12:39:22 +0100

----- Original Message -----
From: "Carlos Gaona" <cgaonau () hotmail com>
To: "Vuln-Dev" <vuln-dev () securityfocus com>
Cc: "HarryM" <harrym () the-group org>
Sent: Monday, February 04, 2002 10:07 AM
Subject: Reported Kazaa and Morpheus vulnerabilities

---- snip ---
As far as I know there is no security
threat compromising files beyond the ones that are already shared. Once you
download a file through, the software detects and processes it normally.
There isn't (as far as I know) anything like " ../ " path problems or unicode
related... and I "think" a DoS is not probable.
---- snip ----

 Carlos Gaona U.
 ndr113 () 350cc com


Creating a DoS attack against Morpheus/Kazaa is quite simple.
In fact, only the connections made by other users with
the same application can be regulated and detected by
the client.
Anonymous connections (directly to the 1214/tcp port)
cannot be detected even by most personal firewalls
such as Zone Alarm, because Morpheus/Kazaa needs to
be in a totally "Allowed zone" to open connections to
outside sources.
This "architecture" lets us flood this little web server
with HTTP requests, in order to use all the available
bandwidth and block Internet access on the target host.
Each connection, in fact, will generate a socket in
"TIME_WAIT" status on the 1214/tcp port (visible anyway
with a simple NETSTAT command on the target host)
that will cause the saturation of net resources.
Some months ago, Paul Godfrey (PaulG () Crackdealer com)
coded a Morpheus/Kazaa Denial of Service in Perl...
you can find it on the Packetstorm site.
Moreover, you can get a deeper knowledge of the Morpheus/Kazaa
architecture at:
http://www.openp2p.com/pub/a/p2p/2001/07/02/morpheus.html?page=2
Kind regards,


Stefano Mele aka The Jackal
< -jackal- () libero it >
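A defender-side check for the symptom the reply describes (a pile-up of TIME_WAIT sockets on 1214/tcp visible in NETSTAT), added here as an example that is not part of the original thread and not code from either P2P client: it parses `netstat -an` output, counts TIME_WAIT sockets on the listener port per remote host, and flags hosts above a threshold. The netstat sample lines and the threshold of 3 are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of `netstat -an` output (Windows-style columns plus
# one Linux-style line) showing many half-closed connections to the
# Kazaa/Morpheus listener on 1214/tcp from a single remote host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:1214       10.0.0.7:40512         TIME_WAIT
  TCP    192.168.1.5:1214       10.0.0.7:40513         TIME_WAIT
  TCP    192.168.1.5:1214       10.0.0.7:40514         TIME_WAIT
  TCP    192.168.1.5:1214       10.0.0.7:40515         TIME_WAIT
  TCP    192.168.1.5:1214       172.16.3.9:1214        ESTABLISHED
  TCP    192.168.1.5:1214       172.16.3.9:33001       TIME_WAIT
  TCP    192.168.1.5:139        10.0.0.2:1030          TIME_WAIT
tcp        0      0 192.168.1.5:1214        10.0.0.7:40516          TIME_WAIT
"""

ADDR = re.compile(r"^(\S+):(\d+)$")  # matches host:port tokens only

def parse_netstat(text):
    """Yield (local_port, remote_host, state) for every TCP line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].lower() != "tcp":
            continue  # header, blank or non-TCP line
        addrs = [m for m in (ADDR.match(f) for f in fields) if m]
        if len(addrs) < 2:
            continue  # no local/remote address pair on this line
        local, remote = addrs[0], addrs[1]
        yield int(local.group(2)), remote.group(1), fields[-1]

def time_wait_by_remote(text, port=1214):
    """Count TIME_WAIT sockets on the P2P listener port per remote host."""
    counts = Counter()
    for local_port, remote_host, state in parse_netstat(text):
        if local_port == port and state == "TIME_WAIT":
            counts[remote_host] += 1
    return counts

def flood_suspects(text, port=1214, threshold=3):
    """Remote hosts whose TIME_WAIT count on `port` exceeds the threshold."""
    return sorted(h for h, n in time_wait_by_remote(text, port).items() if n > threshold)

if __name__ == "__main__":
    print(flood_suspects(SAMPLE_NETSTAT))
```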
