lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200408091136.31307.radoslav.dejanovic@opsus.hr>
Date: Mon, 9 Aug 2004 11:36:31 +0200
From: Radoslav Dejanović <radoslav.dejanovic@...us.hr>
To: bugtraq@...urityfocus.com
Subject: Re: Winmx Software making calls to Port 25


On Friday 06 August 2004 06:42, Retro Granny wrote:

> This activity clearly raises an alarm of a possible backdoor to the
> Winmx program.  I would appreciate any information on how to proceed
> from here.

Winmx is yet another P2P software? 

Some users of P2P networks are behind the firewall. To circumvent this, 
they often use low ports for communication - there's a fair chance that 
the company whose bandwidth you're stealing ;) has some ports open for 
e-mail and web. Therefore, if you they bind their P2P software to port 25 
or 80 they might fool company firewall to think it is just some more web 
pages or email. 

So what happened to you might just be that you tried to connect to some 
user that uses port 25 to share files, and your firewall thought it is an 
outgoing email. 

Be advised that this might be the other case, that your P2P software is 
sending some sensitive data about you (but this is a huge problem with all 
P2P programs and not too easy to avoid, unless you have a source code to 
check it); capture this packets and take a look at them; they will either 
be a SMTP message or just another chunk of data sent to other P2P user. 

-- 
Radoslav Dejanović
Operacijski sustavi d.o.o.
http://www.opsus.hr


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ