January 22nd, 2004, 04:24 AM
Attention Kazaa Users!!!!
Hey, I was running the Tenable NeWT security scanner (similar to Nessus) and got these warnings when Kazaa was running.
The Kazaa / Morpheus HTTP Server is running.
This server is used to provide other clients with a
connection point. However, it also exposes sensitive system files.
Solution: Currently there is no way to limit this exposure.
Filter incoming traffic to this port.
More Information: http://www.securiteam.com/securitynews/5UP0L2K55W.html
Risk factor : Serious
Remote host reported that the username used is: cheyenne1212
Plugin ID : 10751
It was possible to make IIS use 100% of the CPU by
sending it malformed extension data in the URL
requested, preventing him to serve web pages
to legitimate clients.
Solution : Microsoft has made patches available at :
- For Internet Information Server 4.0:
- For Internet Information Server 5.0:
Risk factor : Serious
CVE : CVE-2000-0408
BID : 1190
Plugin ID : 10406
It was possible to crash the Jigsaw web
server by requesting /servlet/con about 30 times.
A cracker may use this attack to make this
service crash continuously.
Solution: upgrade your software
Risk factor : Medium
CVE : CAN-2002-1052
BID : 5258
Plugin ID : 11047
We could crash the WebSphere Edge caching proxy by sending a
bad request to the helpout.exe CGI
Risk factor : High
Solution : Upgrade your web server or remove this CGI.
CVE : CAN-2002-1169
BID : 6002
Plugin ID : 11162
Just thought I'd let you guys know about that. It kinda caught my eye.
It was possible to kill your web server by
reading a MS/DOS device, using a file name like
CON\CON, AUX.htm or AUX.
A cracker may use this flaw to make your server crash
continuously, preventing you from working properly.
Solution : upgrade your system or use a
HTTP server that filters those names out.
Risk factor : High
CVE : CVE-2001-0386, CVE-2001-0493, CAN-2001-0391, CVE-2001-0558, CAN-2002-0200, CVE-2000-0168, CAN-2003-0016, CAN-2001-0602
BID : 2622, 2704, 3929, 1043, 2575
Plugin ID : 10930
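The last finding in the post above recommends an HTTP server that filters MS-DOS device names such as `CON\CON`, `AUX.htm` or `AUX` out of requests. A sketch of such a filter follows, added here as an example; it is not part of the thread, the scanner or any server, and the function names `reserved_segments` and `allow_request` are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved MS-DOS device names per the Windows file-naming rules.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {"COM%d" % i for i in range(1, 10)}
RESERVED |= {"LPT%d" % i for i in range(1, 10)}


def reserved_segments(request_target):
    """Return the path segments that Windows would resolve to a device."""
    path = urlsplit(request_target).path
    # Decode percent-escapes repeatedly (bounded) so double encoding such as
    # %2541UX is normalised before the check.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    hits = []
    # Both separators count: the finding lists CON\CON as well as AUX.
    for segment in re.split(r"[\\/]+", path):
        # Windows ignores an extension, a stream suffix and trailing
        # spaces, so AUX.htm and "aux .txt" still name the device.
        stem = re.split(r"[.:]", segment.strip(" "), maxsplit=1)[0]
        if stem.rstrip(" ").upper() in RESERVED:
            hits.append(segment)
    return hits


def allow_request(request_target):
    """True when no path segment names a reserved device."""
    return not reserved_segments(request_target)


if __name__ == "__main__":
    # Constructed sample request targets, not captured traffic.
    for target in ["/index.html", "/AUX.htm", "/CON\\CON", "/docs/console.html"]:
        print(target, "->", "allow" if allow_request(target) else "reject")
```

A server would call `allow_request` on the raw request target before mapping it to the filesystem and answer with a 4xx status when it returns False.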
January 22nd, 2004, 04:55 AM
there's a real easy fix for all that... don't use kazaa.. or any other p2p app for that matter..
I don't want to sound holier than thou.. but why bother ?
you want warez? go to a warez forum.
you want mp3's ? you can find tons of places that you can download with direct links.
not that I'm against sharing per-se.. I just can't see the need for a p2p app.
I don't really download music unless a friend really wants something they can't find.
but I'm a "googler" .. if I need something, google will find 90 percent of what I'm looking for.
here, try this :
(Cut and paste the following into google )
Parent + directory + mp3 + OR + wma + #artist#
in the search window, Where "artist" is, put in artist or song title.
another variation of this is ..
Go to Google's Advanced Search Page: http://www.google.com/advanced_search?hl=en
There are 4 blank fields at the top of the page. In the first blank, in quotes, put whatever song/artist/style you want to find.
In the second, put "PARENT DIRECTORY".
In the third, put ".mp3 .wma .ogg" (any file format you want )
In the fourth, you can put in things to exclude (this helps filter out useless pages).
modify whatever else fancies you, and click search..
edit : I forgot to add this and will probably make a new thread for it but..
see this.. >> http://www.twistermp3.com/
Twister is a free internet program to find and download MP3 and other music files.
Twister uses the top search engines available today.
Twister is compatible with the major music players such as Media Player, WinAmp and Sonique.
Twister is completely free !
Some of the features that make Twister your choice for downloading music on the internet:
thousands of music files (MP3, real audio, ...)
real-time verification of search results
fast direct downloads
built-in play list
runs on Windows 95, 98, NT, 2000, Me, XP
easy as 1-2-3
no popup windows
January 22nd, 2004, 01:01 PM
Disable file sharing on kazaa lite ++ and shut down that port 1214 via the kazaa configurations, problem solved, and the p2p app still works perfectly.
January 22nd, 2004, 01:54 PM
FYI- Twister does come bundled with an "offer companion" that must be installed to install twister...That being the case, in my opinion it does include spyware
January 22nd, 2004, 02:01 PM
JenJen > While we all know that p2p-applications like kazaa are mostly used to illegally share files, there is nothing illegal about the application itself, nor is there anything illegal about the p2p-concept. If you use the application to download copyrighted software/music, that still doesn't make the software itself illegal. The Google-method you described will return results that allow you to illegally download software/music. That doesn't make Google illegal.
I don't see your reasoning...
Kazaa Lite in its default configuration comes with port 1214 disabled, and doesn't make your computer a supernode (and being a supernode is what causes the problem described by cheyenne).
January 22nd, 2004, 02:14 PM
Negative - I don't see where JenJen has said it's illegal, just that they don't see the point of using p2p.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
January 22nd, 2004, 02:30 PM
Now actually guys, I don't share files, or act as a supernode.
I make sure that's disabled.
January 22nd, 2004, 02:34 PM
January 22nd, 2004, 08:25 PM
There are only two things which are finite, one is the universe and the second is the human stupidity.
January 22nd, 2004, 11:31 PM
I am getting my IP blocked a few hours after I used Kazaa.
I can use my p2p's just sometimes and have hope that I will not be blocked again.
iMesh is almost the same as Kazaa; it uses the same protocol to handle connections as Kazaa.
Kazaa Lite includes an "IP Blocker" that you can update so it makes you "safe", and it doesn't include any ads or spyware.
// too far away outside of limit