Vulnerability Development mailing list archives

Re: things to break..


From: sebastion () IRELANDMAIL COM (Jeff Bachtel)
Date: Mon, 24 Jan 2000 00:22:24 -0600


Napster has a "feature" where it will decide the proper port on which
to operate, especially if you are behind a firewall.

Therefore, their server scans you, and ports that you are reachable on
(but which are not actually running a service on your machine) are
pegged as usable by Napster for serving MP3s.

This is obviously a problem. Napster found out that my NT workstation
could be reached on port 80 through a campus firewall, and proceeded
to set itself up in that configuration; however, that is definitely
against our firewall policy (no, I don't expect Napster to read minds,
just to be more explicit about what it's doing and why).

I haven't looked at the code for the Linux Napster client yet (is it
even freely available?), but if they don't submit their code and
protocol for peer review, I at least won't be using their product
(being more than aware of what has happened due to Mirabilis' approach
to security through obscurity).

jeff

On Sun, Jan 23, 2000 at 10:55:09PM -0600, Matthew S. Hallacy wrote:
Speaking of Napster, it seems that it port-scans you upon connection to
their server; the firewall where I work kept setting off my pager, and I
found that it was someone loading Napster. I've since banned the use of
it, but it's still quite curious.

On Sun, 23 Jan 2000 Inedag () AOL COM wrote:

Since we're on the topic, how about Napster? That's in use by a bazillion
people, although I don't know how fair that'd be to the Napster people, as
I think they're still in beta. Just a suggestion.

-i


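The behaviour the posts above describe, a server connecting to many ports on a client to find one that a firewall lets through, is exactly what Matthew's firewall pager fired on. As an added example (not code from this thread, and not Napster's own client or server code), here is a small Python detector that does the same job over firewall log lines: it flags any source that reaches a threshold of distinct TCP ports on one destination within a short window, while leaving a host that simply retries one port alone. The log lines, the addresses (RFC 5737 documentation ranges, not real Napster hosts), the iptables-style field names and the year 2000 used to complete syslog timestamps are all constructed for the example.

```python
"""Flag server-side port sweeps of the kind described in the thread:
one remote host hitting many distinct ports on one inside host in a
short window. Log format is a constructed iptables-style sample."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not from the original thread).
# 10.0.0.5 is a hypothetical inside workstation; 198.51.100.7 stands in
# for the probing server and 203.0.113.9 for an ordinary web client.
SAMPLE_LOG = """\
Jan 23 22:51:00 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4001 DPT=80 SYN
Jan 23 22:51:00 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4002 DPT=443 SYN
Jan 23 22:51:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4003 DPT=6699 SYN
Jan 23 22:51:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4004 DPT=8888 SYN
Jan 23 22:51:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4005 DPT=21 SYN
Jan 23 22:51:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4006 DPT=25 SYN
Jan 23 22:51:10 fw kernel: IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 23 22:55:30 fw kernel: IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=51001 DPT=80 SYN
Jan 23 23:20:00 fw kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=4100 DPT=80 SYN
"""

# Assumed log layout: syslog timestamp, then iptables-style KEY=VALUE fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2000):
    """Return (timestamp, src, dst, dport) for a TCP line, or None.
    Syslog omits the year, so one is supplied (2000 is an assumption)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])


def detect_port_sweeps(log_text, window_seconds=30, min_ports=5):
    """Return one alert per (src, dst) pair that touches at least
    min_ports distinct destination ports within any window_seconds span.
    A sliding window over time-sorted events keeps this linear per pair."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, src, dst, dpt = rec
            events[(src, dst)].append((ts, dpt))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        counts = defaultdict(int)  # dport -> occurrences inside the window
        left = 0
        for ts, dpt in evs:
            counts[dpt] += 1
            # Drop events that fell out of the window on the left.
            while (ts - evs[left][0]).total_seconds() > window_seconds:
                old = evs[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            if len(counts) >= min_ports:
                alerts.append({
                    "src": src,
                    "dst": dst,
                    "first_seen": evs[left][0],
                    "last_seen": ts,
                    "ports": sorted(counts),
                })
                break  # one page per offending pair is enough
    return alerts


if __name__ == "__main__":
    for a in detect_port_sweeps(SAMPLE_LOG):
        print(f"sweep from {a['src']} -> {a['dst']} ports {a['ports']} "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
```

The thresholds are the knobs a firewall admin tunes: a probe that walks a handful of well-known ports in a couple of seconds trips `min_ports=5` within `window_seconds=30`, while the web client that retries port 80 minutes apart never accumulates more than one distinct port and stays quiet.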