Re: Reported Kazaa and Morpheus vulnerabilities

From: Carlos Gaona (cgaonauat_private)
Date: Mon Feb 04 2002 - 12:20:16 PST


    Thanks for the information about Kazaa, and you're completely right about the
    possibility of a DoS attack -I don't know where my head was this morning-
    because these little webservers are extremely vulnerable to security threats
    and shouldn't be implemented, at least as a "good practice".
    In practice, and related to what you said, Kazaa doesn't block file
    download requests made directly through HTTP even if a limit is set on
    upload connections in Traffic Settings... what does limit the anonymous
    connections is restricting the bandwidth in Advanced Settings...
    
    Carlos Gaona U.
    
    ----- Original Message -----
    From: "Jackal" <-jackal-@libero.it>
    To: "Carlos Gaona" <cgaonauat_private>
    Sent: Monday, February 04, 2002 12:35 PM
    Subject: Re: Reported Kazaa and Morpheus vulnerabilities
    
    
    > ----- Original Message -----
    > From: "Carlos Gaona" <cgaonauat_private>
    > To: "Vuln-Dev" <vuln-devat_private>
    > Cc: "HarryM" <harrym@the-group.org>
    > Sent: Monday, February 04, 2002 10:07 AM
    > Subject: Reported Kazaa and Morpheus vulnerabilities
    >
    > ---- snip ---
    > > As far as I know there is no security
    > > threat compromising files beyond the ones that are already shared. Once you
    > > download a file through, the software detects and processes it normally. There
    > > isn't (as far as I know) anything like " ../ " path problems or unicode
    > > related... and I "think" a DoS is not probable.
    > ---- snip ----
    > >
    > >  Carlos Gaona U.
    > >  ndr113at_private
    >
    >
    > Creating a DoS attack for Morpheus/Kazaa is quite simple.
    > In fact, only the connections made from other users with
    > the same application can be regulated and detected from
    > the client.
    > Anonymous connections (directly at 1214/tcp port)
    > cannot be detected even by most personal firewalls
    > such as Zone Alarm, 'cause Morpheus/Kazaa needs to
    > be in the totally "Allowed zone" to open connections to
    > outside sources.
    > This "architecture" lets us flood this little web server
    > with HTTP requests, in order to use all the available
    > bandwidth and block Internet access on the target host.
    > Each connection, in fact, will generate a socket in
    > "TIME_WAIT" status on 1214/tcp port (however visible
    > with a simple NETSTAT command on the target host)
    > that will cause the saturation of net resources.
    > Some months ago, Paul Godfrey (PaulGat_private)
    > coded a Morpheus/Kazaa Denial of service in Perl...
    > u can find it on Packetstorm site.
    > Moreover, u can get a deeper knowledge of Morpheus/Kazaa
    > architecture at:
    > http://www.openp2p.com/pub/a/p2p/2001/07/02/morpheus.html?page=2
    > Kindly Regards,
    >
    >
    > Stefano Mele aka The Jackal
    > < -jackal-@libero.it >
    >
    >
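
The quoted message says the sockets left in TIME_WAIT on 1214/tcp are visible with netstat on the affected host. The following is an added example, not part of the original messages: a Python check that reads `netstat -an` output and reports how many TIME_WAIT sockets sit on that port and which peers account for them. The sample output, the addresses and the per-peer threshold are constructed for illustration.

```python
from collections import Counter

KAZAA_PORT = 1214  # port named in the thread

# Constructed sample of Windows-style `netstat -an` output (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1214        198.51.100.7:3301      TIME_WAIT
  TCP    192.0.2.10:1214        198.51.100.7:3302      TIME_WAIT
  TCP    192.0.2.10:1214        198.51.100.7:3303      TIME_WAIT
  TCP    192.0.2.10:1214        198.51.100.7:3304      TIME_WAIT
  TCP    192.0.2.10:1214        203.0.113.5:2210       ESTABLISHED
  TCP    192.0.2.10:1214        203.0.113.9:4021       TIME_WAIT
  TCP    192.0.2.10:3389        198.51.100.7:3310      TIME_WAIT
  UDP    0.0.0.0:1214           *:*
"""


def parse_netstat(text):
    """Yield (local_port, remote_ip, state) for each TCP line.

    Works for both Windows and Linux layouts because the last three
    columns are local address, foreign address and state in each.
    """
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or not tok[0].lower().startswith("tcp"):
            continue  # header, UDP (no state column) or blank line
        local, remote, state = tok[-3], tok[-2], tok[-1]
        try:
            port = int(local.rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue  # wildcard or malformed local address
        yield port, remote.rsplit(":", 1)[0], state.upper()


def time_wait_report(text, port=KAZAA_PORT, per_peer_limit=3):
    """Return (total TIME_WAIT sockets on port, {peer_ip: count} at or above the limit).

    per_peer_limit is an assumed threshold; tune it to the host's normal load.
    """
    peers = Counter(ip for p, ip, st in parse_netstat(text)
                    if p == port and st == "TIME_WAIT")
    noisy = {ip: n for ip, n in peers.items() if n >= per_peer_limit}
    return sum(peers.values()), noisy


if __name__ == "__main__":
    total, noisy = time_wait_report(SAMPLE)
    print(f"TIME_WAIT on {KAZAA_PORT}/tcp: {total}; peers over limit: {noisy}")
```

Run periodically against live `netstat -an` output, a rising total with one or two peers dominating the count points to the anonymous HTTP traffic the thread describes rather than ordinary client-to-client transfers.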
    



    This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 11:17:52 PST