The OpenNET Project / Index page
BSD, Linux, Cisco, Web, Palm, other unix
RUSSIAN version

Search
Выпущена CD-версия OpenNet.RU для оффлайн просмотра.
Для формирования заказа - перейдите по ссылке
.
SOFT - Unix Software catalog
LINKS - Unix resources
TOPIC - Articles from usenet
DOCUMENTATION - Unix guides
News | Tips | MAN | Forum | BUGs | LastSoft | Keywords | BOOKS (selected) | Linux HowTo | FAQ Archive

KaZaa/Morpheus non-exploits


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 4 Sep 2001 00:42:47 +0200 (CEST)
From: Walter Hop <walter@binity.com>
To: bugtraq@securityfocus.com
Subject: KaZaa/Morpheus non-exploits


  [In the past weeks, there have been several reports of "exploits" in
   the Kazaa/Morpheus filesharing programs. The original thread has been
   killed, but since the original messages might come up in search
   engines, I thought it still relevant to explain further that these
   are not exploits and there currently is no proof that running the
   Morpheus client is dangerous.]

Instead of using an own proprietary protocol, the file-sharing program
Morpheus uses a light-weight HTTP server which is reachable at
http://yourip:1214/ (this should work on Windows 2000 systems as well).
HTTP is used for getting filelists and transferring files. As a nice
side effect, this enables non-Morpheus-users to retrieve files from
Morpheus clients. Some of the HTTP headers display the username, network
name, and node that the Morpheus client is connected to:

> X-Kazaa-Username: {USER NAME HERE}
> X-Kazaa-Network: MusicCity
> X-Kazaa-IP: morpheus.users.ip.address:1214
> X-Kazaa-SupernodeIP: supernode.ip.address:1214

Originally this was used for their browser-based file search tool; this
tool has since disappeared from their website.

Details on Morpheus' architecture can be found here:
http://www.openp2p.com/pub/a/p2p/2001/07/02/morpheus.html?page=2

A negative comment must be made: this feature is poorly documented. I
think not many kids running Morpheus actually know that they have a
web-server running which exposes their user-ID and their files to the
world. (Although I doubt that even when it was documented, people would
actually take the time to read and understand it.)

A firewall could be used to deny these incoming HTTP requests to port
1214; this will also disable transfers to/from some users. (If I recall
correctly, Morpheus does support a "passive" scheme; but at least one of
the two peers involved must accept incoming HTTP requests at the port,
in order for a connection to be established.)

-- 
 Walter Hop <walter@binity.com> | +31 6 24290808 | PGP key ID: 0x84813998

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Закладки
Добавить в закладки
Created 1996-2003 by Maxim Chirkov  
ДобавитьРекламаВебмастеруЦУПГИД  
SpyLOG TopList