Hi folks, Something that always puzzles me is that there must be a way to upload other files than MP3's through Napster by changing the file extension to .mp3 I tried this & it didn't work, however there simply must be a way to fool Napster into thinking that it is uploading an MP3 by embedding the correct information within the file. Any thoughts?? Regards, James Rowley Webevent - http://www.altern.org/webevent/webevent Web Freelancer WML, FLASH4, SQL, Perl, HDML, DIRECTOR 7, PHP4 -----Original Message----- From: Robert Graham [mailto:robert_david_grahamat_private] Sent: 17 February 2000 01:22 To: Andrew Scoggins; firewall-wizardsat_private Subject: Re: Killing Napster I looked at this a while ago. It appears that clients create an outgoing connection to the directory server. If the client is behind a firewall (no inbound connections) but somebody wants to download a file from your machine, then the Napster directory server tells you (across the control connection) to contact that user and send him the file. The upshot is that if only one of you is behind a firewall, you can exchange files. If BOTH of you are behind firewalls, you can't. In any case, Napster is a social protocol. It's key feature is not that it can download MP3s (FTP and HTTP can do that), but forces the user (with near Nazi tactics) to provide files for upload. Consequently, it improves the signal/noise ratio for users wanting to download files. Now that people have published the protocol, it will only be a matter of time before someone creates a version of Napster without the draconian publishing requirements. This will ultimately destroy the Napster community, as people stop sharing files. But, either Napster or some other program will rise in its place with a more private protocol. After September, it may even use RSA/SSL, which will begin to make our lives much harder. Anyway, blocking outgoing TCP connections to port 6699 (napster directory server) should fix the problem. --- Andrew Scoggins <scogginsat_private> wrote: > Hello all, > > I am currently looking into killing the MP3 Program Napster. > > A user told me that he had been using it inside the firewall to download > files on an external Napster server. He assumed he was safe because he > was behind the firewall, but soon discovered that other users were > downloading from his machine. My guess is that Napster establishes a > connection from client to server that is used for uploads AND downloads. > So, the burning question is, has anyone blocked Napster by specifying > the destination port (which I haven't figured out yet) going out? I am > not running an application level firewall, so I can only do it by port. > > Thanks for any help. I also post other info as I find it. > > Andy > > -- > =-=-=-=-=-=-=-=-=-=-=-=-=-= > Andy Scoggins > Network Analyst > Progress Software > scogginsat_private > =-=-=-=-=-=-=-=-=-=-=-=-=-= > > Information security is > Y2K without the deadline. > > ===== Robert Graham http://www.robertgraham.com/pubs __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:33 PDT