Vulnerability Development mailing list archives
Re: things to break..
From: shok () MOKIMAKI ETHEREAL NET (Matt Conover)
Date: Mon, 24 Jan 2000 03:17:01 -0800
Well, I have no affiliation with Napster Inc., but I do know what they were trying to do. The idea was to allow people to use napster behind a firewall. This isn't really an issue; the RealPlayer (RealAudio from RealNetworks) does the same thing. The source wasn't available because they were worried about competition. I disagreed with this and I told him they should release it. Nevertheless, a free client for Linux is available (gnome-napster) which includes source. There are also mailing lists that are working on developing a free napster server (independent of Napster Inc.).

On Mon, 24 Jan 2000, Jeff Bachtel wrote:
Napster has a "feature" where it will decide the proper port on which to operate, especially if you are behind a firewall. Therefore, their server scans you, and ports that you are reachable on (but which are not actually running a service on your machine) are pegged as useable by napster for serving mp3's. This is obviously a problem, Napster found out that my NT workstation could be reached on port 80 through a campus firewall, and proceeded to set itself up in that configuration, however that is definitely against our firewall policy (no, I don't expect napster to read minds, just to be more explicit about what it's doing and why). I haven't looked at the code for the linux napster client yet (is it even freely available?), but if they don't submit their code and protocol for peer review, I at least won't be using their product (being more than aware what has happened due to Mirabilis' approach to security through obscurity)

jeff

On Sun, Jan 23, 2000 at 10:55:09PM -0600, Matthew S. Hallacy wrote:

speaking of napster, it seems that it portscans you upon connection to their server, the firewall where i work kept setting off my pager and I found that it was someone loading napster. I've since banned the use of it, but it's still quite curious..

On Sun, 23 Jan 2000 Inedag () AOL COM wrote:

since we're on the topic, how about napster? that's in use by a bazillion people .. although i don't know how fair that'd be to the napster people, as i think they're still in beta. just a suggestion.

-i