Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

KaZaa/Morpheus non-exploits

From: Walter Hop <walter () binity com>
Date: Tue, 4 Sep 2001 00:42:47 +0200 (CEST)

  [In the past weeks, there have been several reports of "exploits" in
   the Kazaa/Morpheus filesharing programs. The original thread has been
   killed, but since the original messages might come up in search
   engines, I thought it still relevant to explain further that these
   are not exploits and there currently is no proof that running the
   Morpheus client is dangerous.]

Instead of using an own proprietary protocol, the file-sharing program
Morpheus uses a light-weight HTTP server which is reachable at
http://yourip:1214/ (this should work on Windows 2000 systems as well).
HTTP is used for getting filelists and transferring files. As a nice
side effect, this enables non-Morpheus-users to retrieve files from
Morpheus clients. Some of the HTTP headers display the username, network
name, and node that the Morpheus client is connected to:


X-Kazaa-Username: {USER NAME HERE}
X-Kazaa-Network: MusicCity
X-Kazaa-IP: morpheus.users.ip.address:1214
X-Kazaa-SupernodeIP: supernode.ip.address:1214


Originally this was used for their browser-based file search tool; this
tool has since disappeared from their website.

Details on Morpheus' architecture can be found here:
http://www.openp2p.com/pub/a/p2p/2001/07/02/morpheus.html?page=2

A negative comment must be made: this feature is poorly documented. I
think not many kids running Morpheus actually know that they have a
web-server running which exposes their user-ID and their files to the
world. (Although I doubt that even when it was documented, people would
actually take the time to read and understand it.)

A firewall could be used to deny these incoming HTTP requests to port
1214; this will also disable transfers to/from some users. (If I recall
correctly, Morpheus does support a "passive" scheme; but at least one of
the two peers involved must accept incoming HTTP requests at the port,
in order for a connection to be established.)

-- 
 Walter Hop <walter () binity com> | +31 6 24290808 | PGP key ID: 0x84813998
Previous By Date Next
Previous By Thread Next

Current thread: