Bugtraq mailing list archives

Re: Winmx Software making calls to Port 25


From: Radoslav Dejanović <radoslav.dejanovic () opsus hr>
Date: Mon, 9 Aug 2004 11:36:31 +0200

On Friday 06 August 2004 06:42, Retro Granny wrote:

> This activity clearly raises an alarm of a possible backdoor to the
> Winmx program.  I would appreciate any information on how to proceed
> from here.

Winmx is yet another P2P software? 

Some users of P2P networks are behind a firewall. To circumvent this, 
they often use low ports for communication - there's a fair chance that 
the company whose bandwidth you're stealing ;) has some ports open for 
e-mail and web. Therefore, if they bind their P2P software to port 25 
or 80 they might fool the company firewall into thinking it is just some 
more web pages or email. 

So what happened to you might just be that you tried to connect to some 
user that uses port 25 to share files, and your firewall thought it is an 
outgoing email. 

Be advised that this might be the other case, that your P2P software is 
sending some sensitive data about you (but this is a huge problem with all 
P2P programs and not too easy to avoid, unless you have the source code to 
check it); capture these packets and take a look at them; they will either 
be an SMTP message or just another chunk of data sent to another P2P user. 

-- 
Radoslav Dejanović
Operacijski sustavi d.o.o.
http://www.opsus.hr
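
The check suggested in the reply above (capture the port 25 traffic and see whether it is SMTP or just data), as an added example that is not part of the original message. The function name, the 'S'/'C' direction labels and both samples are assumptions constructed for illustration; payloads are taken to be the reassembled TCP segments of one connection.

```python
import re

SMTP_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET",
              b"NOOP", b"QUIT", b"VRFY", b"AUTH", b"STARTTLS"}
REPLY = re.compile(rb"^\d{3}([ -]|$)")  # SMTP reply: 3-digit code, then ' ' or '-'

def classify_port25_stream(segments):
    """segments: ordered (direction, payload) pairs from one TCP stream.
    'S' = sent by the host listening on port 25, 'C' = sent by the connecting host.
    Returns (verdict, reason)."""
    if not segments:
        return ("unknown", "no payload captured")
    if segments[0][0] != "S":
        return ("not-smtp", "connecting side spoke before any 220 greeting")
    in_data = False
    for direction, payload in segments:
        if direction == "S":
            for line in payload.split(b"\r\n"):
                if line and not REPLY.match(line):
                    return ("not-smtp", "listener sent a line that is not an SMTP reply")
            continue
        if in_data:  # message body: free-form until the lone-dot terminator
            in_data = not payload.endswith(b"\r\n.\r\n")
            continue
        for line in payload.split(b"\r\n"):
            if not line:
                continue
            verb = line.split(b" ", 1)[0].upper()
            if verb not in SMTP_VERBS:
                return ("not-smtp", "connecting side sent something other than an SMTP command")
            if verb == b"STARTTLS":
                return ("smtp", "valid SMTP up to STARTTLS; the rest is encrypted")
            if verb == b"DATA":
                in_data = True
                break  # the body follows only after the listener's 354 reply
    return ("smtp", "every line fits the SMTP command/reply dialogue")

# Constructed samples: a plain SMTP session and opaque bytes (not real WinMX traffic).
SMTP_SAMPLE = [
    ("S", b"220 mail.example.test ESMTP\r\n"), ("C", b"EHLO client.example.test\r\n"),
    ("S", b"250-mail.example.test\r\n250 SIZE 1000000\r\n"),
    ("C", b"MAIL FROM:<a@example.test>\r\n"), ("S", b"250 OK\r\n"),
    ("C", b"RCPT TO:<b@example.test>\r\n"), ("S", b"250 OK\r\n"),
    ("C", b"DATA\r\n"), ("S", b"354 End data with <CR><LF>.<CR><LF>\r\n"),
    ("C", b"Subject: hi\r\n\r\nbody\r\n.\r\n"), ("S", b"250 OK queued\r\n"),
    ("C", b"QUIT\r\n"), ("S", b"221 Bye\r\n"),
]
OPAQUE_SAMPLE = [("C", b"\x01\x9f\x00\x10chunk"), ("S", b"\x02\xaa\xbb")]
```

A "smtp" verdict means the program really is speaking mail protocol on that connection, which is the case worth reading line by line for what it sends; "not-smtp" points to the file-sharing-on-port-25 explanation.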

