Open Source and information security mailing list archives
Date: Mon, 9 Aug 2004 11:36:31 +0200
From: Radoslav Dejanović <radoslav.dejanovic@...us.hr>
To: bugtraq@...urityfocus.com
Subject: Re: Winmx Software making calls to Port 25


On Friday 06 August 2004 06:42, Retro Granny wrote:

> This activity clearly raises an alarm of a possible backdoor to the
> Winmx program.  I would appreciate any information on how to proceed
> from here.

Winmx is yet another P2P software? 

Some users of P2P networks are behind the firewall. To circumvent this, 
they often use low ports for communication - there's a fair chance that 
the company whose bandwidth you're stealing ;) has some ports open for 
e-mail and web. Therefore, if they bind their P2P software to port 25 
or 80 they might fool the company firewall into thinking it is just some more web 
pages or email. 

So what happened to you might just be that you tried to connect to some 
user that uses port 25 to share files, and your firewall thought it is an 
outgoing email. 

Be advised that this might be the other case, that your P2P software is 
sending some sensitive data about you (but this is a huge problem with all 
P2P programs and not too easy to avoid, unless you have the source code to 
check it); capture these packets and take a look at them; they will either 
be an SMTP message or just another chunk of data sent to another P2P user. 

-- 
Radoslav Dejanović
Operacijski sustavi d.o.o.
http://www.opsus.hr
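
The check suggested in the message above (is the captured port-25 traffic an SMTP message or some other data?), as an added example that is not part of the original post. It assumes the TCP stream has already been reassembled from the capture into ordered (direction, payload) pairs; the function name and the sample streams are constructed for illustration.

```python
import re

GREETING_RE = re.compile(rb"220[ -]")   # SMTP server greeting reply code
ENVELOPE_RE = re.compile(rb"(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)

def classify_port25_stream(segments):
    """segments: ordered (direction, payload) pairs from one reassembled TCP
    stream; "c" = our host to the remote port 25, "s" = remote to our host."""
    result = {"verdict": "not-smtp", "mail_from": None, "rcpt_to": []}
    data = [(d, p) for d, p in segments if p]
    if not data:
        result["verdict"] = "no-data"
        return result
    client = b"".join(p for d, p in data if d == "c")
    server = b"".join(p for d, p in data if d == "s")
    # In SMTP the server speaks first, with a 220 greeting.
    if data[0][0] != "s" or not GREETING_RE.match(server):
        return result
    if not client:
        result["verdict"] = "inconclusive"   # greeting seen, nothing sent yet
        return result
    lines = client.split(b"\r\n")
    # A mail client normally opens with HELO or EHLO.
    if lines[0].split(b" ", 1)[0].upper() not in (b"HELO", b"EHLO"):
        return result
    result["verdict"] = "smtp"
    # Collect the envelope so the reviewer sees who the message goes to.
    for line in lines[1:]:
        if line.upper() == b"DATA":          # message body follows; stop here
            break
        m = ENVELOPE_RE.match(line)
        if m:
            addr = m.group(2).decode("ascii", "replace")
            if m.group(1).upper() == b"MAIL FROM":
                result["mail_from"] = addr
            else:
                result["rcpt_to"].append(addr)
    return result

# Constructed sample streams (not taken from any real capture).
SAMPLE_SMTP = [
    ("s", b"220 mail.example.net ESMTP\r\n"),
    ("c", b"EHLO host.example.org\r\n"), ("s", b"250 mail.example.net\r\n"),
    ("c", b"MAIL FROM:<alice@example.org>\r\n"), ("s", b"250 OK\r\n"),
    ("c", b"RCPT TO:<bob@example.net>\r\n"), ("s", b"250 OK\r\n"),
    ("c", b"DATA\r\n"), ("s", b"354 Go ahead\r\n"),
]
SAMPLE_OTHER = [("c", b"\x31\x00\x9f\xe2\x00\x01payload"), ("s", b"\x00\x10\xff\x7f")]
```

A "not-smtp" verdict only says the bytes do not follow the SMTP dialogue; what the data actually is still has to be read from the capture.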

