New Peer to Peer App - Earthstation 5


thehorse13
August 21st, 2003, 07:35 PM
As if my life isn't hard enough....


This P2P is designed to protect the P2P user and circumvent all known methods of blocking peer apps. Get ready for the fun.


Here is a snip from the website:

"sdES5 breaks new ground by providing fast file sharing and downloading with stealth technology to hide your ip address and prevent harassment. ES5 uses proxy servers and SSL encryption (Secure Sockets) to transfer files. No one but you knows where a file is going and no one but you and your sharee know what was transferred. A wealth of other features include: Preview files while they are downloading to find out in minutes that you don't want a file that might take hours to download. Uses random ports so your ISP cannot limit your bandwidth by traffic type nor can anyone scan your system and know you are using ES5. Uses SSL so your ISP or admin cannot know what you are transferring."

http://www.zeropaid.com/es5/

This is the official site for EarthStation 5:
http://www.earthstation5.com/download.html
:mad:

CXGJarrod
August 21st, 2003, 07:57 PM
Interesting. Might be a little hard to block. If we catch anyone using P2P or any programs on our "bad programs" list we set them up in their own OU and set the "Run only specified apps" Group Policy Object. (Thus not allowing them to start any .exe we don't specify.) We are a smaller shop though and can do this easily.

Comes with a built-in webserver:

"• Integrated Web Server Makes Sharing “Sets” of Files Easy. Sometimes you want to share a "set" of files that all belong together, files that interlink and have relation to one another. The most efficient way to do this is for these files to be placed on a “website.” To facilitate this, ES5 provides its users with a built in web server to permit the user to create a “website” for these linked files. The files shared through a user’s ES5 web server will appear when someone searches the ES5 network. When located, the ES5 downloader accesses the users own ES5 website through the ES5 integrated web browser. For additional security, users can place passwords on their ES5 enabled web site providing access only to other users granted permission to do so."

Wonder if this will cause problems with users on the net with a cable connection and no firewall?

deftones12
August 21st, 2003, 08:08 PM
Sounds like a good P2P program...looks like they planned everything out and r fightin the RIAA. Wonder how many holes this program will have and open.

cheyenne1212
August 21st, 2003, 08:21 PM
I'm downloading it right now.

I gotta see if it really does what they say it does.

I'll post again when I get it going.

[edit]

Here's the pic of the part where you can search for files.

White_Eskimo
August 21st, 2003, 09:39 PM
This is probably a stupid question, but how does ES5 make money if they don't have any banner ads, pop-up ads, or spyware that goes along with their software?

keezel
August 21st, 2003, 09:45 PM
Good question eskimo. I really like the way it looks tho....I think it's cool. I'm on P2P's side, so I'm loving all the new features (stealth stuff) but I can see how an admin wouldn't like it....

RoadClosed
August 21st, 2003, 09:52 PM
I was wondering when something like this would come out. The guys at CDC have had a project application that tunnels through censored networks. *cough-china* For a while now I have been wondering what event (RIAA) and what applications would lead the rest of the world to adopt similar ideals and measures.

As to how they make money? Not everyone is out for some of the green stuff. Maybe their motivations are freedom and open source ideology.

thehorse13
August 21st, 2003, 10:47 PM
I'm not sure of their monetary motivators but I can tell you that as a Security Engineer, this is going to be a serious pain in the a$$.

Think about it. How the hell would you discover this on your network? Protocol analyzers will be useless, sniffers, yep, they'll be worthless. Firewalls - a trivial joke. If you walk up to the workstation, the damn thing is locked up using PGP keys.

Seems that someone has been doing their homework.

lumpyporridge
August 21st, 2003, 10:52 PM
There was a bunch of hype about this several months ago when it was first announced, the servers they use are in Palestine if I remember right and one or two of the founders are some of the first creators of p2p software. They were going to offer streaming adult movies and a dating service as a bonus. It wasn't nix compatible when it first started so I never checked it out. But it looked quite promising.

KissCool
August 21st, 2003, 11:41 PM
I worry about how we will have to configure our firewalls efficiently if we use this new p2p client.
It seems to need very flexible rules in order to work correctly. And it is always dangerous to let p2p programs on computers without good protection.

kr4y3
August 21st, 2003, 11:41 PM
I have a little question. Here is a quote from the site:

PGPDisk - As an additional security feature, to all P2P programs, is that ES5 integrates seamlessly with PGPDisk (which is a free program and will be provided by ES5 to its users) that lets you encrypt your disk drives to store your P2P content. No one except you will ever be able to see your files, not your kids, your spouse, your mother, your boss, the FBI, the KGB or anyone else!

How could that be true? I thought PGP could be cracked.

KissCool
August 21st, 2003, 11:47 PM
With a good encryption and a good passphrase, PGP can be cracked...after something like 50 years of computer calculations.

phishphreek
August 21st, 2003, 11:49 PM
[QUOTE]I was wondering when something like this would come out.[/QUOTE]

The idea is not new... it is just now being applied to p2p fileswap programs.

To see a similar project... check out freenet. (http://freenet.sourceforge.net/index.php?page=whatis)

[QUOTE]Think about it. How the hell would you discover this on your network? Protocol analyzers will be useless, sniffers, yep, they'll be worthless. Firewalls - a trivial joke. If you walk up to the workstation, the damn thing is locked up using PGP keys.[/QUOTE]

I was able to install as a "poweruser", but not as just a "user".

Hmm... maybe an asset manager... to audit every workstation and then you can create a report for the workstations whose software changed.

I use TrackIT (http://www.blueocean.intuit.com/) to keep track of workstations, system info, help desk calls, software installed on each machine, etc. Nice product... though, I'm not sure the price of it.

The BSA also has some free tools... maybe incorporate them with a logon script and then maybe look for offending or unauthorized programs. I'm not sure if this process can be automated... as I've never used the tools that the BSA offers. I just use TrackIT and then create reports.

kr4y3
August 22nd, 2003, 12:27 AM
[QUOTE]Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by KissCool
after something like 50 years of computer calculations.[/QUOTE]

Did not know that, thx for the info.

White_Eskimo
August 22nd, 2003, 05:03 AM
[QUOTE]And It is always dangerous to let p2p programs on a computers without good protections.[/QUOTE]

I completely agree with you on this, but check this out:

PGPDisk - As an additional security feature, to all P2P programs, is that ES5 integrates seamlessly with PGPDisk (which is a free program and will be provided by ES5 to its users) that lets you encrypt your disk drives to store your P2P content. No one except you will ever be able to see your files, not your kids, your spouse, your mother, your boss, the FBI, the KGB or anyone else!

go to http://www.earthstation5.com/stealth.html to check out more that es5 has to offer to its users.

EDIT: Whoops, sorry, all of these posts came in so fast, I didn't know someone posted the same stuff I posted above me. Sorry about that.

cheyenne1212
August 22nd, 2003, 05:40 AM
I've been playing around with this software, and one thing I don't like about it is I had to start forwarding ports on my router. So once I start doing this, wouldn't it open up several new ways for people to get into my computer using tools such as fpipe?

To me, it's not worth the risk.

Tedob1
August 22nd, 2003, 08:33 AM
TH13:

pslist -t \\WorkStationName

incorporate this in a script or for loop and run it
periodically and | it through find "ProcessName". I'm sure the
process still shows up.


for /F "tokens=1" %X in (workstations.txt) do pslist -t %X |find "ProcessName" >>some.txt

should tell you if its on the network

haven't tried TrackIT yet phish but pslist is free from Sysinternals

if someone would be so kind as to supply the process name !?!

steve.milner
August 22nd, 2003, 10:11 AM
Okay, so stopping this is going to be a pain in the @$$

How about preventing it from being installed in the first place.

We could all ask our AV providers to provide extra signature files that identify the apps/install themselves and treat them as a virus - hence the P2P stuff doesn't get onto the network to start with.

Steve

dahquim
August 22nd, 2003, 12:40 PM
[QUOTE]
I was able to install as a "poweruser", but not as just a "user".
[/QUOTE]

This looks like one way to stop it. Personally, the only people on the business network that are power users are myself and a manager that has no clue about computers, and even his login is restricted using GPO.

So as long as you set everyone's rights to 'user', you should be okay.

Dahquim

Tiger Shark
August 22nd, 2003, 02:11 PM
This kind of thing usually gets me in trouble...... but sometimes the direct approach works....

I wrote the following email to ES5's contact, Ras:

Ras,

While I appreciate the work you have done with ES5 and fully appreciate any and all efforts to thwart the somewhat idiotic attempts by the MPAA and RIAA to have government enforce their own profit gathering I also have a responsibility to my company to enforce its policies within our own network. One of those policies is that copyrighted material may not be downloaded and utilized in breach of any law. We are a non-profit organization, (read: we have no money….<s>), and downloading files such as those ES5 would provide causes clogging of our already limited bandwidth and potentially opens my company up to liability should we be discovered. I appreciate that the way you have written ES5 is quite close to “bullet-proof” but my company can still be sued on verbal evidence, (User X goes running around telling the wrong people how he uses ES5 at work and it can’t be stopped or detected).

My question: Is there a consistent signature(s) in the initial packets, or subsequent packets that I, as a systems administrator, can capture with an IDS to alert me to your product’s use?

As I said above, I personally commend you for your work and would recommend your product to any of my users that wish to use a P2P network from their home but I do have a responsibility to my company and I would be negligent should I not try to properly enforce the policies I myself wrote.

Any assistance in this would be greatly appreciated,


I will wait to hear his uncontrollable laughter........ ;)

Tiger Shark
August 22nd, 2003, 04:32 PM
Ok..... I have played around with it a little..... There's a lot of stuff in it to play with..... :(

For your basic user - or the guy who is on it for the first time there appears to be a method to detect a user.

As they say in their docs they use UDP almost exclusively and packet dumps and firewall logs evidence that - there is a flurry of UDP activity at startup as it tries to contact the "sun" and the other "planets" in the galaxy. The trap is in the fact that these "planets" attempt a TCP SYN on the base filesharing port 37920, (which is blocked at the firewall).

A first time or normal user will fire it up and it will go out looking for a "sun" and "planets" via UDP which, in turn, will check for file sharing thus snort rules written to detect incoming TCP requests on port 37920 or searching the firewall logs for this port incoming should give the sysadmin a warning that someone has the software.

After an advanced user has fired up the software for the first time and gone straight to advanced settings then all bets are off. They can activate secure comms on port 39593 which will probably elicit the same inbound connections to check for file sharing by the other "planets" but everything is configurable.

A properly set up firewall should prevent users from sharing their own files but it is going to be a devil of a job stopping them from d/ling them if they are a bit savvy.

NOTE: This was a quick and dirty look at how it works and is in no way to be considered foolproof...... It's what I saw mine do...... :p


Forget everything after "good morning"..... I just installed it on a second machine..... It selects its ports randomly.... The only common factor is the flurry of UDP activity when you start it up....<sigh>
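
An added example, not part of the post above or of any ES5 tooling: the two firewall-log checks the post describes, flagging inbound TCP attempts to port 37920 and, because the ports turned out to be random, any internal host that sends UDP to many distinct peers within a short window. The log format, addresses, window and peer threshold are constructed assumptions and need tuning against normal traffic.

```python
from collections import defaultdict, deque

ES5_DEFAULT_TCP_PORT = 37920  # default file-sharing port named in the post
BURST_WINDOW_S = 10           # assumed window, tune per network
BURST_MIN_PEERS = 8           # assumed count of distinct UDP peers

# Constructed log lines: "epoch proto src_ip:port dst_ip:port direction"
SAMPLE_LOG = (
    # 10.0.0.23 starts the client: UDP to 12 distinct peers in 6 seconds
    [f"{1000 + i * 0.5} UDP 10.0.0.23:{40000 + i} 198.51.100.{i + 1}:{20000 + i * 37} OUT"
     for i in range(12)]
    # a peer probes back on the default sharing port (dropped at the firewall)
    + ["1007.0 TCP 198.51.100.3:51000 10.0.0.23:37920 IN"]
    # ordinary DNS lookups from another host: many packets, one peer
    + [f"{1000 + i} UDP 10.0.0.40:{50000 + i} 192.0.2.53:53 OUT" for i in range(12)]
)

def parse(line):
    ts, proto, src, dst, direction = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return float(ts), proto, s_ip, int(s_port), d_ip, int(d_port), direction

def detect(lines):
    """Return (hosts probed on the default port, hosts with a UDP fan-out burst)."""
    probed, bursty = set(), set()
    recent = defaultdict(deque)  # internal host -> (timestamp, peer) in window
    for ts, proto, s_ip, _, d_ip, d_port, direction in sorted(map(parse, lines)):
        if proto == "TCP" and direction == "IN" and d_port == ES5_DEFAULT_TCP_PORT:
            probed.add(d_ip)
        elif proto == "UDP" and direction == "OUT":
            q = recent[s_ip]
            q.append((ts, (d_ip, d_port)))
            while ts - q[0][0] > BURST_WINDOW_S:
                q.popleft()
            if len({peer for _, peer in q}) >= BURST_MIN_PEERS:
                bursty.add(s_ip)
    return probed, bursty

if __name__ == "__main__":
    probed, bursty = detect(SAMPLE_LOG)
    print("inbound TCP/37920 probes to:", sorted(probed))
    print("UDP fan-out burst from:", sorted(bursty))
```

The fan-out check keys on distinct peers rather than packet count, so a host making repeated lookups against one resolver is not flagged.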

XoN-ASSIM
August 22nd, 2003, 07:11 PM
I just got it working... But I have a problem. I can't figure out how to get it working with stealth mode. One, I can't find any proxies anywhere... Two, I wouldn't know how to put them in if I did... So if anyone has figured this out I would appreciate the help greatly. Also there is another p2p app like this called Direct Connect. It works great for me and uses the same idea of non traceable filesharing that ES5 does. Thanx in advance guys...

Tiger Shark
August 22nd, 2003, 08:11 PM
1. Log into the forums and go to the proxies forum.
2. Pick a list you like.
3. highlight it
4. copy it
5. go to settings - advanced
6. right click the proxy list
7. paste
8. save settings
9. start d/ling.......

I put my test copy on stealth 'cos I don't want things pointing to my work...... :eek:

PuReExcTacy
August 23rd, 2003, 03:14 AM
Interesting concept. I only wish it had a linux client, then I'd be really happy.


--PuRe

jaguar291
August 23rd, 2003, 03:15 AM
Umm and then after that u can go **** urself with a duck and what not... u know beastiality is coming back into style and all.. have fun with it...