[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200408091136.31307.radoslav.dejanovic@opsus.hr>
Date: Mon, 9 Aug 2004 11:36:31 +0200
From: Radoslav Dejanović <radoslav.dejanovic@...us.hr>
To: bugtraq@...urityfocus.com
Subject: Re: Winmx Software making calls to Port 25
On Friday 06 August 2004 06:42, Retro Granny wrote:
> This activity clearly raises an alarm of a possible backdoor to the
> Winmx program. I would appreciate any information on how to proceed
> from here.
Winmx is yet another P2P software?
Some users of P2P networks are behind the firewall. To circumvent this,
they often use low ports for communication - there's a fair chance that
the company whose bandwidth you're stealing ;) has some ports open for
e-mail and web. Therefore, if you they bind their P2P software to port 25
or 80 they might fool company firewall to think it is just some more web
pages or email.
So what happened to you might just be that you tried to connect to some
user that uses port 25 to share files, and your firewall thought it is an
outgoing email.
Be advised that this might be the other case, that your P2P software is
sending some sensitive data about you (but this is a huge problem with all
P2P programs and not too easy to avoid, unless you have a source code to
check it); capture this packets and take a look at them; they will either
be a SMTP message or just another chunk of data sent to other P2P user.
--
Radoslav Dejanović
Operacijski sustavi d.o.o.
http://www.opsus.hr
Powered by blists - more mailing lists