----- Original Message -----
From: "Carlos Gaona" <cgaonauat_private>
To: "Vuln-Dev" <vuln-devat_private>
Cc: "HarryM" <harrym@the-group.org>
Sent: Monday, February 04, 2002 10:07 AM
Subject: Reported Kazaa and Morpheus vulnerabilities

---- snip ---
> As far as I know there is no security threat compromising files beyond the ones that are already shared. Once you download a file through, the software detects and processes it normally. There isn't (as far as I know) anything like " ../ " path problems or Unicode related... and I "think" a DoS is not probable.
---- snip ----
>
> Carlos Gaona U.
> ndr113at_private

Creating a DoS attack for Morpheus/Kazaa is quite simple. In fact, only the connections made from other users with the same application can be regulated and detected from the client. Anonymous connections (directly at 1214/tcp port) cannot be detected even by most personal firewalls such as Zone Alarm, because Morpheus/Kazaa needs to be in a totally "Allowed zone" to open connections to outside sources.

This "architecture" lets us flood this little web server with HTTP requests, in order to use all the available bandwidth and block Internet access on the target host. Each connection, in fact, will generate a socket in "TIME_WAIT" status on 1214/tcp port (however visible with a simple NETSTAT command on the target host) that will cause the saturation of net resources.

Some months ago, Paul Godfrey (PaulGat_private) coded a Morpheus/Kazaa Denial of Service in Perl... you can find it on the Packetstorm site.

Moreover, you can get a deeper knowledge of Morpheus/Kazaa architecture at:
http://www.openp2p.com/pub/a/p2p/2001/07/02/morpheus.html?page=2

Kind Regards,
Stefano Mele aka The Jackal < -jackal-@libero.it >
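The post notes that the flood leaves a pile of TIME_WAIT sockets on 1214/tcp that a plain NETSTAT call makes visible on the target host. The script below, an added example that is not part of the list thread, turns that observation into a detection check: it parses netstat-style output and reports any single remote address holding an unusual number of connections to the Kazaa/Morpheus listener. The netstat lines, the documentation-range addresses and the alert threshold of 20 are all constructed assumptions for the demonstration.

```python
"""Flag a per-source connection pile-up on a local TCP port (1214/tcp, the
Morpheus/Kazaa listener discussed on the list) from netstat-style output.

Added example, not part of the original mailing-list post. The sample
netstat lines are constructed and the alert threshold is an assumption."""
from collections import Counter
import re

KAZAA_PORT = 1214       # port named in the post
FLOOD_THRESHOLD = 20    # assumed: per-source connection count worth investigating

# Matches the common "netstat -an" layout:
#   proto  recv-q  send-q  local-address  foreign-address  state
LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp\d?)\s+\d+\s+\d+\s+"
    r"(?P<laddr>\S+)[:.](?P<lport>\d+)\s+"
    r"(?P<raddr>\S+)[:.](?P<rport>\d+|\*)\s+"
    r"(?P<state>[A-Z_]+)\s*$"
)


def parse_netstat(text):
    """Yield (local_port, remote_addr, state) for every TCP line that parses."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group("lport")), m.group("raddr"), m.group("state")


def count_by_source(text, local_port=KAZAA_PORT,
                    states=("ESTABLISHED", "TIME_WAIT")):
    """Count connections on local_port per remote address, restricted to states.

    TIME_WAIT is included on purpose: the post describes the flood as a burst
    of short-lived connections, which is exactly what lingers in that state."""
    counts = Counter()
    for lport, raddr, state in parse_netstat(text):
        if lport == local_port and state in states:
            counts[raddr] += 1
    return counts


def flood_sources(text, threshold=FLOOD_THRESHOLD, **kw):
    """Return remote addresses whose connection count reaches the threshold."""
    return sorted(addr for addr, n in count_by_source(text, **kw).items()
                  if n >= threshold)


# Constructed sample: 203.0.113.9 (a documentation address) has opened many
# short connections now sitting in TIME_WAIT; 198.51.100.7 is a normal peer.
SAMPLE = "\n".join(
    ["Proto Recv-Q Send-Q Local Address          Foreign Address        State"]
    + [f"tcp        0      0 192.0.2.10:1214        203.0.113.9:{40000 + i}   TIME_WAIT"
       for i in range(25)]
    + ["tcp        0      0 192.0.2.10:1214        198.51.100.7:3457      ESTABLISHED",
       "tcp        0      0 192.0.2.10:22          198.51.100.7:3460      ESTABLISHED"]
)

if __name__ == "__main__":
    for addr, n in count_by_source(SAMPLE).most_common():
        print(f"{addr:16} {n:4} connections on {KAZAA_PORT}/tcp")
    print("suspected flood sources:", flood_sources(SAMPLE))
```

On a real host you would feed the script the captured output of `netstat -an` instead of SAMPLE; the threshold should be tuned to the number of peers the client normally serves, since a popular share can legitimately hold many concurrent connections, though rarely many from one address.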
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 08:59:00 PST