Napster alternative: other people's hard drives
Kevin Poulsen, SecurityFocus 2001-02-26

ShareSniffer turns Windows hacking into a P2P play.

But what about bandwidth? 2001-02-26
Anonymous (7 replies)
Bandwidth is not cheap so let's give a million people a damned port scanner and let them scan to their heart's content. Just what I need, a million NetBIOS scans plugging my pipe and firewall logs. What is this startup thinking?

That this is good? Sounds foolish to me.

...

But what about bandwidth? 2001-02-26
jef
What are they thinking? Simple...there is a huge market for P2P file transfers and right now the RIAA is doing their best to shut it all down so they can keep selling overpriced CDs. There is a vast market for P2P and a creative company that can get there first with a viable legal way of providing t...

encouragement 2001-02-26
thissurfer
Yeah! Let's waste more bandwidth and at the same time encourage all the idiots in the world to scan all over the internet. This might not be so bad if we all had fiber for the local loop, but I need all the bandwidth I can get. I don't want some idiots slowing me down cause they have a new scanner ...

But what about bandwidth? 2001-02-26
Havokmon
err. I would assume that's why those IP addresses are being posted to a newsgroup.

I would then assume, that you'd have the choice of finding your own set of IP's, or just gathering already discovered IP's from said newsgroup, thus reducing potential traffic....

But what about bandwidth? 2001-02-26
patrick
I agree, is there a legitimate use for this?...

But what about bandwidth? 2001-02-26
Parity
Foolish or not, you can't close Pandora's box.

And besides, it will have the -highly- beneficial side effect of making Win9x users aware of security, ... if people start using your open share to trade mp3's you're going to notice the bandwidth/diskspace usage in a way that you won't notice a subt...

But what about bandwidth? 2001-02-26
smash (at) floodbox (dot) com [email concealed] (1 replies)
I think it is a good idea.

And bandwidth doesn't cost much, and if it does you're using the wrong ISP, or you could turn off Windows file sharing altogether...

But what about bandwidth? 2001-03-01
anon
Bandwidth doesn't cost much. Not for your little 128k ISDN line maybe, but for corporations with large pipes, it can cost anywhere from $20,000 to $200,000 and more I suspect. That doesn't sound cheap to me!...

Honeypot, anyone? 2001-02-28
luno
How long will it take before someone writes a honeypot to fool this not-even-script-kiddie tool? I'd love to hand this thing all sorts of bogus info, or perhaps see if it validates its input... ;)

Then again, if other people are downloading your files, why not toss in a copy of BO, or similar tr...

This is HILARIOUS 2001-02-26
anonymous
This is such an original idea, I may have to try it!

Can you chroot SAMBA? As much as I'd like to put up an open share on one of my bastion hosts, I'm not going to compromise the security on my network......

Win2K 2001-02-26
Anonymous
Windows 2000 Pro comes with the default shares on each drive. So without knowing it, anyone installing 2000 without knowing this, is leaving their machine open to the world. I admit, anyone who doesn't check things like that deserves to have their machine nailed, but people who turn on sharing int...

The Best Security is making the problem widely known. 2001-02-26
Sap
I think this software, if it picks up, will alert more and more end users to the fact that their systems are wide open. Which is good in the sense that if they care they will resolve the issue and not make their systems easy targets for DDOS Agents. On the other hand it will make it easier for colle...

Open Doors does not mean Open House... 2001-02-26
deggi3
Yes, what about bandwidth that is consumed by the download/uploading of data from the victim computer? What about the disk space it consumes? Good questions, but let's look at this in more detail.

Sure, if they leave the door open enough for public shares is one thing, but to cripple their bandw...

Bad, Badder, Baddest! 2001-02-26
Salvatore
You know that Napster was/is actually a nice friendly software. But this one, from the very beginning itself sounds like a malicious program with wrong intentions. I hope they shut this company sooner than they can say "RUMPELSTILTSKIN"!!!

Ciao

Salvatore...

NETBIOS passwords aren't secure.... 2001-02-26
Brad
Another problem with this service: NetBIOS is notoriously insecure when it comes to passwords. I once forgot the password to a network share I had set up at home: in 10 minutes I had obtained a cracker which successfully refreshed my memory of the password (I won't provide the link here, but they'r...

An Internet where *everybody* is a script kiddie 2001-02-27
A.Lizard alizard (at) ecis (dot) com [email concealed]
I assume nobody here buys the bullshit that says anybody who has file sharing enabled *intends* for everybody on the Net to have access on her HD.

In the past, one at least had to *look* for script-kiddie level hacking tools. This is the first time I've ever heard of a company basing a business p...

What about Security 2001-02-27
rbooke
I don't think bandwidth is as big an issue as the first time someone from inside your company scans your subnet for shares and posts a nice pretty network diagram of all your open machines to some newsgroup.

...

Excellent Blackmail tool 2001-02-28
Anonymous
Hey everybody. Search your neighbor's hard drive. Find all his incriminating files and send a little e-mail. Instant internet blackmail for any nitwit that left file sharing on....

User Ignorance (or "I Didn't Mean To Do It") 2001-02-28
raptorfan (at) earthlink (dot) net [email concealed]
"The person who has, through no knowledge of his own, left file sharing 'on' with no protection, that is the electronic equivalent of leaving your door unlocked," says Rasch.

PLEASE. This (imho) is a rather poor argument. See if this type of argument gets you out of your next speeding tick...

How to make ShareSniffer unusable/undesirable 2001-03-01
Johan Lindqvist <lindq (at) bigfoot (dot) com [email concealed]>
Given that ShareSniffer gets its list of open hard drives from a public news group that is open for posting (i.e. by other copies of ShareSniffer) it's possible to render the software unusable, or at least undesirable to use.

The most obvious attack would be to make the software unusable, or at l...

Protection..... 2001-03-01
NaT
Perhaps, as ISPs have far greater bandwidth it would be useful for ISPs to filter out ShareSniffer traffic prior to packets being routed onto the 'local loop'.

But as most ISPs don't seem to be able to manage the systems they already have (certainly in the UK!-) we can only live in hope :-)...

Copyright 2009, SecurityFocus