Attention Kazaa Users!!!!

[cheyenne1212]

Hey I was running tenable newt security scanner (similiar to nessus) and got these warnings when kazaa was running.

Code:

The Kazaa / Morpheus HTTP Server is running.
This server is used to provide other clients with a
connection point. However, it also exposes sensitive system files.


Solution: Currently there is no way to limit this exposure.
Filter incoming traffic to this port.

More Information: http://www.securiteam.com/securitynews/5UP0L2K55W.html

Risk factor : Serious

Remote host reported that the username used is: cheyenne1212


Plugin ID : 10751 
 
 
 It was possible to make IIS use 100% of the CPU by
sending it malformed extension data in the URL
requested, preventing him to serve web pages
to legitimate clients.


Solution : Microsoft has made patches available at :
- For Internet Information Server 4.0:
http://www.microsoft.com/Downloads/R...eleaseID=20906
- For Internet Information Server 5.0:
http://www.microsoft.com/Downloads/R...eleaseID=20904

Risk factor : Serious
CVE : CVE-2000-0408
BID : 1190


Plugin ID : 10406 
 
 
 It was possible to crash the Jigsaw web 
server by requesting /servlet/con about 30 times.

A cracker may use this attack to make this
service crash continuously.



Solution: upgrade your software

Risk factor : Medium
CVE : CAN-2002-1052
BID : 5258


Plugin ID : 11047 
 
 
 We could crash the WebSphere Edge caching proxy by sending a 
bad request to the helpout.exe CGI


Risk factor : High

Solution : Upgrade your web server or remove this CGI.
CVE : CAN-2002-1169
BID : 6002


Plugin ID : 11162

Code:

It was possible to kill your web server by
reading a MS/DOS device, using a file name like 
CON\CON, AUX.htm or AUX.

A cracker may use this flaw to make your server crash 
continuously, preventing you from working properly.


Solution : upgrade your system or use a 
HTTP server that filters those names out.

Risk factor : High
CVE : CVE-2001-0386, CVE-2001-0493, CAN-2001-0391, CVE-2001-0558, CAN-2002-0200, CVE-2000-0168, CAN-2003-0016, CAN-2001-0602
BID : 2622, 2704, 3929, 1043, 2575


Plugin ID : 10930

Just thought I'd let you guys know about that. It kinda caught my eye.

[jenjen]

there's a real easy fix for all that... don't use kazaa.. or any other p2p app for that matter..

I don't want to sound holier that thou.. but why bother ?
you want warez? go to a warez forum.
you want mp3's ? you can find tons of places that you can download with direct links.
not that I'm against sharing per-se.. I just can't see the need for a p2p app.


I don't really download music unless a friend really wants something they can't find.
but I'm a "googler" .. if I need something, google will find 90 percent of what I'm looking for.

here, try this :

(Cut and paste the following into google )

Parent + directory + mp3 + OR + wma + #artist#

in the search window, Where "artist" is, put in artist or song title.

another variation of this is ..

Go to Google's Advanced Search Page: http://www.google.com/advanced_search?hl=en
There are 4 blank fields at the top of the page. In the first blank, in quotes, put whatever song/artist/style you want to find.
In the second, put "PARENT DIRECTORY".
In the third, put ".mp3 .wma .ogg" (any file format you want )
In the fourth, you can put in things to exclude (this helps filter out useless pages).

modify whatever else fancies you, and click search..
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
edit : I forgot to add this and will probably make a new thread for it but..
see this.. >> http://www.twistermp3.com/

Twister is a free internet program to find and download MP3 and other music files.
Twister uses the top search engines available today.
Twister is compatible with the major music players such as Media Player, WinAmp and Sonique.
Twister is completely free !

Some of the features that make Twister your choice for downloading music on the internet:

thousands of music files (MP3, real audio, ...)
real-time verification of search results
fast direct downloads
built-in play list
runs on Windows 95, 98, NT, 2000, Me, XP
easy as 1-2-3
completely free
no popup windows

[pooh sun tzu]

Disable file sharing on kazaa lite ++ and shut down that port 1214 via the kazaa configurations, problem solved, and the p2p app still works perfectly.

[tfunk]

FYI- Twister does come bundled with an "offer companion" that must be installed to install twister...That being the case, in my opinion it does include spyware

[Negative]

JenJen > While we all know that p2p-applications like kazaa are mostly used to illegally share files, there is nothing illegal about the application itself, nor is there anything illegal about the p2p-concept. If you use the application to download copyrighted software/music, that still doesn't make the software itself illegal. The Google-method you described will return result that allow you to illegally download software/music. That doesn't make Google illegal.
I don't see your reasoning...

Kazaa Lite in its default configuration comes with port 1214 disabled, and doesn't make your computer a supernode (and being a supernode is what causes the problem described by cheyenne).

[steve.milner]

Negative - I don't see where JenJen has said it's illegal, just that they don't see the point of using p2p.

Steve

[cheyenne1212]

Now actually guys, I don't share files, or act as a supernode.

I make sure thats disabled.

[groovicus]

Since it goes with the topic:

http://msn-cnet.com.com/2100-1027_3-...8&tag=msn_home

[VAMPIRE_GOD]

what about iMesh?

[MrBabis]

Heh.
I getting my IP blocked in few huors efter i used kazaa
I can use my p2p's just sometimes and have hope that i will not be blocked agane.
.....
iMesh is almost same as kazaa, it used same prtotocol to handle connections as kazaa.
Kazaa Lite includes "IP Blocker" that you can update so it makes you "safe", and do'nt includes any adds or spywares.