[Dshield] Kazaa inquiry to dst port 80?
dominiquefiori at numericable.fr
Mon Nov 25 10:24:24 GMT 2002
I am just a beginner on security issues but I would like to intervene on a
point we covered last week at Uni. I study Linux Web admin + security and the
teacher just warned us about a major security issue with KaZaA.
Hackers, lamers and script kiddies also seem to hang around that software in
order to get easy info.
I understood from my teacher's intervention that KaZaA should not be
authorized in a work environment unless absolutely mandatory as per company
When you register on Kazaa you enter a IN name that could be your own name,
surname or an alias.
Kazaa writes spyware on your hard disk without any warning. Their names
will take the name of your login.
What is in that spyware? What has been downloaded and is no longer on
your hard disk, the alias of the person you got the data from and what you
are downloading and of course what you should download next and WHAT ARE YOU
That Kazaa spyware is located in the shared directory that other Kazaa
people can access. I am new to security training but I immediately see the
A hacker could use that info to contact other people from Kazaa pretending
to be you and then through trust, social engineering or else pretend to be you.
Imagine that one of your guys falls into that trap.
I believe there is a huge gap for a security breach here or at least a start
for further damage.
Look, I am French, therefore that English language I like is not mine, therefore
please excuse my spelling mistakes, pidgin English, whatever. Do not think
because of this that my information is not valid.
Warmest regards and thanks to the numerous people who helped me since the day
I had 600 megs of data stolen over the net and decided to study security.
It does not only happen to others!
On Sunday 24 November 2002 19:05, you wrote:
> On Thu, Nov 21, 2002 at 05:57:53PM -0600, Josh Ballard wrote:
> > > Thought this a bit odd. Notice that the destination port on my end is
> > > TCP:80
> > >
> > > Usually I'd see TCP:1214 on my end.
> > As per the options in the newest KaZaA client, if it "feels" filtered,
> > the next thing it does is attempt to run on port 80. Pretty much KaZaA
> > is doing a pretty good job of beating most firewalls right now, but I
> > did say most. I've even heard from some of the commercial companies
> > that say they are a couple weeks out of having updates of their software
> > out to "fix" this. I've got a semi-standing solution, though I'm in the
> > middle of research on this. Hope that helps.
> I'm not actually filtering Kazaa on 1214, but there's no Kazaa client
> there either: I'm running my little ACK_hole proggie, which sits on a
> port and accepts packets, all the while dropping them much like the
> UNIX discard service.
> - John
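
The kind of discard-style listener described in the quoted reply above, written here as an added example (it is not John's ACK_hole program and not code from this thread): it completes the TCP handshake, drops whatever arrives, and records the source and byte count of each connection. The class name `AckSink`, the loopback address and the sample bytes are assumptions made for the example.

```python
import socket
import threading
import time

SAMPLE = b"sample-probe-data\n"  # constructed test bytes (18), not real P2P traffic

class AckSink:
    """Discard-style TCP listener: accepts connections, reads and drops the
    payload, and records who connected and how much they sent."""

    def __init__(self, host="127.0.0.1", port=0, idle_timeout=5.0):
        self.records = []                 # one dict per finished connection
        self.idle_timeout = idle_timeout
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))      # port=0 lets the OS pick a free port
        self._srv.listen(16)
        self.port = self._srv.getsockname()[1]

    def serve(self, max_conns):
        """Handle max_conns connections one after another, then stop listening."""
        try:
            for _ in range(max_conns):
                conn, (ip, sport) = self._srv.accept()
                self.records.append(self._drain(conn, ip, sport))
        finally:
            self._srv.close()

    def _drain(self, conn, ip, sport):
        total, started = 0, time.time()
        conn.settimeout(self.idle_timeout)    # do not hang on silent peers
        with conn:
            try:
                while chunk := conn.recv(4096):
                    total += len(chunk)       # payload is dropped, never answered
            except (socket.timeout, ConnectionResetError):
                pass
        return {"src": ip, "sport": sport, "bytes": total,
                "secs": round(time.time() - started, 3)}

def demo():
    """Run the sink on loopback and send it the constructed SAMPLE bytes."""
    sink = AckSink()
    worker = threading.Thread(target=sink.serve, args=(1,))
    worker.start()
    with socket.create_connection(("127.0.0.1", sink.port)) as client:
        client.sendall(SAMPLE)
    worker.join()
    return sink.records
```

The per-connection records give a count of unsolicited connection attempts per source on a port where no real service is running.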