Attention Kazaa Users!!!!

Printable View

January 22nd, 2004, 05:24 AM
cheyenne1212

Attention Kazaa Users!!!!

Hey I was running tenable newt security scanner (similiar to nessus) and got these warnings when kazaa was running.

Code:

The Kazaa / Morpheus HTTP Server is running. This server is used to provide other clients with a connection point. However, it also exposes sensitive system files. Solution: Currently there is no way to limit this exposure. Filter incoming traffic to this port. More Information: http://www.securiteam.com/securitynews/5UP0L2K55W.html Risk factor : Serious Remote host reported that the username used is: cheyenne1212 Plugin ID : 10751 It was possible to make IIS use 100% of the CPU by sending it malformed extension data in the URL requested, preventing him to serve web pages to legitimate clients. Solution : Microsoft has made patches available at : - For Internet Information Server 4.0: http://www.microsoft.com/Downloads/R...eleaseID=20906 - For Internet Information Server 5.0: http://www.microsoft.com/Downloads/R...eleaseID=20904 Risk factor : Serious CVE : CVE-2000-0408 BID : 1190 Plugin ID : 10406 It was possible to crash the Jigsaw web server by requesting /servlet/con about 30 times. A cracker may use this attack to make this service crash continuously. Solution: upgrade your software Risk factor : Medium CVE : CAN-2002-1052 BID : 5258 Plugin ID : 11047 We could crash the WebSphere Edge caching proxy by sending a bad request to the helpout.exe CGI Risk factor : High Solution : Upgrade your web server or remove this CGI. CVE : CAN-2002-1169 BID : 6002 Plugin ID : 11162

Code:

It was possible to kill your web server by reading a MS/DOS device, using a file name like CON\CON, AUX.htm or AUX. A cracker may use this flaw to make your server crash continuously, preventing you from working properly. Solution : upgrade your system or use a HTTP server that filters those names out. Risk factor : High CVE : CVE-2001-0386, CVE-2001-0493, CAN-2001-0391, CVE-2001-0558, CAN-2002-0200, CVE-2000-0168, CAN-2003-0016, CAN-2001-0602 BID : 2622, 2704, 3929, 1043, 2575 Plugin ID : 10930

Just thought I'd let you guys know about that. It kinda caught my eye.
January 22nd, 2004, 05:55 AM
jenjen

there's a real easy fix for all that... don't use kazaa.. or any other p2p app for that matter..

I don't want to sound holier that thou.. but why bother ?
you want warez? go to a warez forum.
you want mp3's ? you can find tons of places that you can download with direct links.
not that I'm against sharing per-se.. I just can't see the need for a p2p app.

I don't really download music unless a friend really wants something they can't find.
but I'm a "googler" .. if I need something, google will find 90 percent of what I'm looking for.

here, try this :

(Cut and paste the following into google )

Parent + directory + mp3 + OR + wma + #artist#

in the search window, Where "artist" is, put in artist or song title.

another variation of this is ..

Go to Google's Advanced Search Page: http://www.google.com/advanced_search?hl=en
There are 4 blank fields at the top of the page. In the first blank, in quotes, put whatever song/artist/style you want to find.
In the second, put "PARENT DIRECTORY".
In the third, put ".mp3 .wma .ogg" (any file format you want )
In the fourth, you can put in things to exclude (this helps filter out useless pages).

modify whatever else fancies you, and click search.. :D
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
edit : I forgot to add this and will probably make a new thread for it but..
see this.. >> http://www.twistermp3.com/

Quote:

Twister is a free internet program to find and download MP3 and other music files.
Twister uses the top search engines available today.
Twister is compatible with the major music players such as Media Player, WinAmp and Sonique.
Twister is completely free !

Some of the features that make Twister your choice for downloading music on the internet:

thousands of music files (MP3, real audio, ...)
real-time verification of search results
fast direct downloads
built-in play list
runs on Windows 95, 98, NT, 2000, Me, XP
easy as 1-2-3
completely free
no popup windows
January 22nd, 2004, 02:01 PM
pooh sun tzu

Disable file sharing on kazaa lite ++ and shut down that port 1214 via the kazaa configurations, problem solved, and the p2p app still works perfectly.
January 22nd, 2004, 02:54 PM
tfunk

FYI- Twister does come bundled with an "offer companion" that must be installed to install twister...That being the case, in my opinion it does include spyware
January 22nd, 2004, 03:01 PM
Negative

JenJen > While we all know that p2p-applications like kazaa are mostly used to illegally share files, there is nothing illegal about the application itself, nor is there anything illegal about the p2p-concept. If you use the application to download copyrighted software/music, that still doesn't make the software itself illegal. The Google-method you described will return result that allow you to illegally download software/music. That doesn't make Google illegal.
I don't see your reasoning...

Kazaa Lite in its default configuration comes with port 1214 disabled, and doesn't make your computer a supernode (and being a supernode is what causes the problem described by cheyenne).
January 22nd, 2004, 03:14 PM
steve.milner

Negative - I don't see where JenJen has said it's illegal, just that they don't see the point of using p2p.

Steve
January 22nd, 2004, 03:30 PM
cheyenne1212

Now actually guys, I don't share files, or act as a supernode.

I make sure thats disabled.
January 22nd, 2004, 03:34 PM
groovicus

Since it goes with the topic:

http://msn-cnet.com.com/2100-1027_3-...8&tag=msn_home
January 22nd, 2004, 09:25 PM
VAMPIRE_GOD

what about iMesh?
January 23rd, 2004, 12:31 AM
MrBabis

Heh.
I getting my IP blocked in few huors efter i used kazaa :(
I can use my p2p's just sometimes and have hope that i will not be blocked agane.
.....
iMesh is almost same as kazaa, it used same prtotocol to handle connections as kazaa.
Kazaa Lite includes "IP Blocker" that you can update so it makes you "safe", and do'nt includes any adds or spywares.
January 23rd, 2004, 10:00 AM
Fatphantom

Quote:

Kazaa Lite includes "IP Blocker" that you can update so it makes you "safe", and do'nt includes any adds or spywares.

You should take a look at Peer Guardian. It blocks all the bad IPs, and its updated more frequently.
http://www.peerguardian.net/
January 23rd, 2004, 05:33 PM
pooh sun tzu

ipblocker, peer guardian, none of that matters if you turn off sharing.
January 23rd, 2004, 06:52 PM
bpiedlow

Quote:

ipblocker, peer guardian, none of that matters if you turn off sharing.

Firstly, you also need to turn off the 'function as a supernode'.

Also, simply turning file sharing off isn't good enough, you must also verify it stays off as there are multiple ways for it to get turned on without you doing so. For example - duster.b virus would automatically turn it on if you became infected.

Just as quick fyi,

RRP
January 23rd, 2004, 07:06 PM
pooh sun tzu

I've never, in my entire life, seen Kazaa lite ++ settings change without me manually doing it. Do you have any documentation, linkage, or recreatable situations for us to verify? Color me curious.
January 23rd, 2004, 07:56 PM
groovicus

Quote:

I've never, in my entire life, seen Kazaa lite ++ settings change without me manually doing it.

I guess that means it couldn't happen. :rolleyes: I'm sorry, life just does not often work in absolutes.

One of the first versions of kazaa lite I ever downloaded was, shall we say, enhanced in undesirable ways? The only reason I noticed was because settings were changing without me pushing the buttons.
January 23rd, 2004, 08:02 PM
pooh sun tzu

groove, you seem to have missed the rest of my sentance. The first statement was a fact, the rest was me asking him if he had documentation I could read so I could understand where he came from, and if in fact is was plausible. No need to be sarcastic with me :) If he can offer evidence and recreate the situations thats perfectly fine, but if not, then we have to leave that up to user error (ie. allowing a virus on your box in the first place) and not a kazaa setting.
January 23rd, 2004, 08:20 PM
groovicus

Actually, the second sentence had really nothing to do with my response, therefore I didn't comment on it.

Your quote "I've never, in my entire life, seen Kazaa lite ++ settings change without me manually doing it' insinuates that it can't happen. You reinforce that opinion with this quote from your next post : " then we have to leave that up to user error and not a kazaa setting."

Am I still following you? All I am trying to say is that it can indeed happen, especially if your version of whatever application you care to use has been altered in some way to, for example, use your box as a proxy.

Another example, just for fun. A lot of people are fond of saying sarcastically, "I'll do what you want when 1000 screaming monkeys come flying out of my butt." We take it to mean that since it will never happen, I'll never have to do what you want. Sounds pretty absolute. Never say never though.

My niece calls her flatulence "screaming monkeys." I don't know where she learned that, probably her dad. Point is, that although she is only seven years old, I'd wager that by now at least 1000 screaming monkeys have indeed passed out her digestive tract.

Can I recreate the situation where Kazaa settings changed? No, because I would be silly to put that same version back on my computer (if I could even find it again) . It could, I suppose, be construed as user error (although that would be stretching it), I really should have known better. But I didn't.

User error is only one among a number of variables that can affect software operation. My point was merely that there are few instances in life where things are a "sure bet"
January 23rd, 2004, 08:27 PM
souleman

pooh>

Quote:

- Through KaZaA Duster.B looks for the default shared folder of this file sharing program. If this folder is not shared, it modifies an entry in the Windows Registry in order to share it. Then, it infects all the PE files it finds in the shared folder by adding its code to the beginning of them. When other users access these files remotely, they will download the files infected by Duster.B, thinking that they are useful computer programs, images, etc. However, when they run the downloaded file, their computers will also be infected by Duster.B.

found... many places with a google search on duster.b and kazaa
January 23rd, 2004, 08:28 PM
pooh sun tzu

I am basing this off of my experience, the experience of others(including my wife), and the stories of the people who have problems. Kazaa lite has always been a decent program without spyware or build in proxy ports. IF you downloaded one that did, then it was not the actual Kazaa lite, and thus user error. If you let a virus get on your computer and it modified Kazaa, that is user error. I am insuniating that in all my years of using Kazaa lite (++) I've never had one person complain to me that it did such thing without it being something they did that was dumb, and in no way related to origonal operation of Kazaa.

I am also not saying that it can not happen, but have never seen it happen to anyone I know that uses it, or from software review posts across the web. Thus why I said "Seen" in my post. If it is recreatable, with the actuall Kazaa Lite Software (and not user error, downloading a non official, bugged version), then I will more than happily agree that Kazaa settings may in fact be able to be changed.

But until I see documentation, links, and reports, his statements are nothing more than statements. And don't try to say a Virus can do it, because if someone is user error prone enough to allow one on their system, they shouldn't be using kazaa in the first place.

EDIT: I can see how this post might come off as "holier than thou" or snotty, but know that I don't mean it to be. I am honestly asking for documentation of cases (not virus related) in which Kazaa lite suddenly changes settings. :) I honestly want to know. The reason why I won't listen to virus reports is because the origonal argument of "You should always check in case a virus changes it" would apply to every single bit of software in existance, and is a no-brainer. You can not preassume a virus is going to be running all of the time and thus settings are going to be changed. In his origonal statement, it would be like saying "Yes, you can set it, but you should ALWAYS double check your outlook,msn,aim,mozilla,firebird,windows,xmms,winamp,etc etc settings before using them. Let's draw the line over user error :)
January 23rd, 2004, 09:37 PM
Tedob1

i dont know if you noticed but the link for more information:

http://www.securiteam.com/securitynews/5UP0L2K55W.html

was written in 2001

As jenjen illustrated, those that know what their doing can always get what they want. those that only know how to use a GUI p2p app are making it miserable for everyone else, hogging bandwidth and causing more government involvement in the internet