Hi folks.

I think I might be able to share some insight on this.

This program...

http://www.dddi.nl/~costar/shadowFT/README

...scans networks for Kazaa and Morpheus' port 1214. If found, it indexes
all the files it finds. Kazaa and Morpheus have httpd servers running that
are set to the equivalent of Apache's "auto indexing" (
http://httpd.apache.org/docs/mod/mod_autoindex.html ). This means anyone
with a web browser can see all the files the program is set to share with a
web browser. There are no directories set up, so a request for "GET /" will
show all shared files via an HTML page with file size and a clickable link
to DL the file.

It's trivial to write a script to automate the scanning and retrieval of
these directory listings and to index them. This is what shadowFT is doing.

The process is scan for 1214, pull a http://ipaddress:1214 and then parse
the HTML output and stick it in a database and put a front-end on it.

From their page:
----------------------------
Everyone SHOULD SCAN, even if it's just a little bit.
----------------------------

Of course this could be used to check for idiots with their entire HD
shared!

Cheers.
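
An added example, not part of the original message or of shadowFT: one way a gateway administrator could spot the "scan for 1214" step described above, by flagging any source that probes TCP port 1214 on several distinct hosts. The iptables LOG-style sample lines, the threshold and the name `find_sweepers` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in iptables LOG style, using documentation IP ranges.
SAMPLE_LOG = """\
Feb 21 11:02:01 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=1214 SYN URGP=0
Feb 21 11:02:01 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.11 LEN=60 PROTO=TCP SPT=40113 DPT=1214 SYN URGP=0
Feb 21 11:02:02 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.12 LEN=60 PROTO=TCP SPT=40114 DPT=1214 SYN URGP=0
Feb 21 11:02:02 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.13 LEN=60 PROTO=TCP SPT=40115 DPT=1214 SYN URGP=0
Feb 21 11:05:40 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=3301 DPT=1214 SYN URGP=0
Feb 21 11:06:12 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=3302 DPT=1214 SYN URGP=0
Feb 21 11:07:00 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.33 DST=192.0.2.11 LEN=60 PROTO=TCP SPT=5120 DPT=80 SYN URGP=0
Feb 21 11:07:01 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.33 DST=192.0.2.12 LEN=60 PROTO=TCP SPT=5121 DPT=80 SYN URGP=0
Feb 21 11:07:02 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.33 DST=192.0.2.13 LEN=60 PROTO=TCP SPT=5122 DPT=80 SYN URGP=0
"""

# Pull source, destination and destination port out of a TCP log line.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=TCP.*?DPT=(?P<dpt>\d+)"
)


def find_sweepers(log_text, port=1214, min_hosts=3):
    """Return {source: sorted internal hosts} for sources that contacted
    `port` on at least `min_hosts` distinct destinations.

    A normal peer transfer touches one host repeatedly; an indexer
    walking an address range touches many hosts once each.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m.group("dpt")) == port:
            targets[m.group("src")].add(m.group("dst"))
    return {
        src: sorted(dsts)
        for src, dsts in targets.items()
        if len(dsts) >= min_hosts
    }


if __name__ == "__main__":
    for src, hosts in find_sweepers(SAMPLE_LOG).items():
        print(f"{src} probed port 1214 on {len(hosts)} hosts: {', '.join(hosts)}")
```

The hosts listed for a flagged source are the ones to check first for an exposed file listing.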

----- Original Message ----- 
From: "Alexandru Balan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 11:20 AM
Subject: [rlug] Re: Kazaa and Morpheus


> On Thu, 21 Feb 2002 11:10:15 +0200
> "Mihai Marusca" <[EMAIL PROTECTED]> wrote:
> 
> > From: "matrix000777 X" <[EMAIL PROTECTED]>
> >
> > >The firewall is administered by me ... I told you, for my workstation I
> > >left all ports open outbound .... I haven't read the Kazaa documentation
> > >at all...but
> > >I'll read it to see what the guys say
> >
> > Well, you should read what the _other_ guys say :) The Kazaa people
> > will swear that everything is perfect. In fact www.musiccity.com starts with
> > "The report of a security hole in Morpheus is FALSE".
> >
> > Maybe someone further upstream (at the ISP) will block that port for you.
> >
> > Mihai
> >
> > ---
> > Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
> > unsubscribe from this list.
> 
> Very possible. On almost all the securityfocus lists they are still
> discussing new patches released by Kazaa and the fact that a lot of
> things can still be found out about one's computer, including details
> about files, using that 1214
> 
> for starters (since a link was requested earlier) try www.securityfocus.com and
> possibly www.packetstormsecurity.com, where a few exploits have also been
> published
> 
> --
> Alexandru Balan
> Technical Support
> iNES Advertising
> URL : www.iNES.RO
> tel : +40 1 232.21.12
> fax : +40 1 232.34.61