Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Attention Kazaa Users!!!!

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Memphis, TN

    Attention Kazaa Users!!!!

    Hey I was running tenable newt security scanner (similiar to nessus) and got these warnings when kazaa was running.

    The Kazaa / Morpheus HTTP Server is running.
    This server is used to provide other clients with a
    connection point. However, it also exposes sensitive system files.
    Solution: Currently there is no way to limit this exposure.
    Filter incoming traffic to this port.
    More Information:
    Risk factor : Serious
    Remote host reported that the username used is: cheyenne1212
    Plugin ID : 10751 
     It was possible to make IIS use 100% of the CPU by
    sending it malformed extension data in the URL
    requested, preventing him to serve web pages
    to legitimate clients.
    Solution : Microsoft has made patches available at :
    - For Internet Information Server 4.0:
    - For Internet Information Server 5.0:
    Risk factor : Serious
    CVE : CVE-2000-0408
    BID : 1190
    Plugin ID : 10406 
     It was possible to crash the Jigsaw web 
    server by requesting /servlet/con about 30 times.
    A cracker may use this attack to make this
    service crash continuously.
    Solution: upgrade your software
    Risk factor : Medium
    CVE : CAN-2002-1052
    BID : 5258
    Plugin ID : 11047 
     We could crash the WebSphere Edge caching proxy by sending a 
    bad request to the helpout.exe CGI
    Risk factor : High
    Solution : Upgrade your web server or remove this CGI.
    CVE : CAN-2002-1169
    BID : 6002
    Plugin ID : 11162
    It was possible to kill your web server by
    reading a MS/DOS device, using a file name like 
    CON\CON, AUX.htm or AUX.
    A cracker may use this flaw to make your server crash 
    continuously, preventing you from working properly.
    Solution : upgrade your system or use a 
    HTTP server that filters those names out.
    Risk factor : High
    CVE : CVE-2001-0386, CVE-2001-0493, CAN-2001-0391, CVE-2001-0558, CAN-2002-0200, CVE-2000-0168, CAN-2003-0016, CAN-2001-0602
    BID : 2622, 2704, 3929, 1043, 2575
    Plugin ID : 10930
    Just thought I'd let you guys know about that. It kinda caught my eye.

  2. #2
    there's a real easy fix for all that... don't use kazaa.. or any other p2p app for that matter..

    I don't want to sound holier that thou.. but why bother ?
    you want warez? go to a warez forum.
    you want mp3's ? you can find tons of places that you can download with direct links.
    not that I'm against sharing per-se.. I just can't see the need for a p2p app.

    I don't really download music unless a friend really wants something they can't find.
    but I'm a "googler" .. if I need something, google will find 90 percent of what I'm looking for.

    here, try this :

    (Cut and paste the following into google )

    Parent + directory + mp3 + OR + wma + #artist#

    in the search window, Where "artist" is, put in artist or song title.

    another variation of this is ..

    Go to Google's Advanced Search Page:
    There are 4 blank fields at the top of the page. In the first blank, in quotes, put whatever song/artist/style you want to find.
    In the second, put "PARENT DIRECTORY".
    In the third, put ".mp3 .wma .ogg" (any file format you want )
    In the fourth, you can put in things to exclude (this helps filter out useless pages).

    modify whatever else fancies you, and click search..
    edit : I forgot to add this and will probably make a new thread for it but..
    see this.. >>

    Twister is a free internet program to find and download MP3 and other music files.
    Twister uses the top search engines available today.
    Twister is compatible with the major music players such as Media Player, WinAmp and Sonique.
    Twister is completely free !

    Some of the features that make Twister your choice for downloading music on the internet:

    thousands of music files (MP3, real audio, ...)
    real-time verification of search results
    fast direct downloads
    built-in play list
    runs on Windows 95, 98, NT, 2000, Me, XP
    easy as 1-2-3
    completely free
    no popup windows

  3. #3
    Disable file sharing on kazaa lite ++ and shut down that port 1214 via the kazaa configurations, problem solved, and the p2p app still works perfectly.

  4. #4
    Junior Member
    Join Date
    Jun 2003
    FYI- Twister does come bundled with an "offer companion" that must be installed to install twister...That being the case, in my opinion it does include spyware

  5. #5
    Join Date
    Aug 2001
    JenJen > While we all know that p2p-applications like kazaa are mostly used to illegally share files, there is nothing illegal about the application itself, nor is there anything illegal about the p2p-concept. If you use the application to download copyrighted software/music, that still doesn't make the software itself illegal. The Google-method you described will return result that allow you to illegally download software/music. That doesn't make Google illegal.
    I don't see your reasoning...

    Kazaa Lite in its default configuration comes with port 1214 disabled, and doesn't make your computer a supernode (and being a supernode is what causes the problem described by cheyenne).

  6. #6
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Negative - I don't see where JenJen has said it's illegal, just that they don't see the point of using p2p.

    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire.

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Memphis, TN
    Now actually guys, I don't share files, or act as a supernode.

    I make sure thats disabled.

  8. #8

  9. #9
    Junior Member
    Join Date
    Feb 2003
    what about iMesh?
    There are only two things which are finite, one is the universe and the second is the human stupidity.

  10. #10
    Senior Member
    Join Date
    Oct 2003
    I getting my IP blocked in few huors efter i used kazaa
    I can use my p2p's just sometimes and have hope that i will not be blocked agane.
    iMesh is almost same as kazaa, it used same prtotocol to handle connections as kazaa.
    Kazaa Lite includes "IP Blocker" that you can update so it makes you "safe", and do'nt includes any adds or spywares.
    // too far away outside of limit

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts