Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Napster alternative: other people's hard drives
Kevin Poulsen, SecurityFocus 2001-02-26

ShareSniffer turns Windows hacking into a P2P play.

Comments Mode:
But what about bandwidth? 2001-02-26
Anonymous (7 replies)
But what about bandwidth? 2001-02-26
jef
encouragement 2001-02-26
thissurfer
But what about bandwidth? 2001-02-26
Havokmon
But what about bandwidth? 2001-02-26
patrick
But what about bandwidth? 2001-02-26
Parity
But what about bandwidth? 2001-02-26
smash (at) floodbox (dot) com [email concealed] (1 replies)
But what about bandwidth? 2001-03-01
anon
Honeypot, anyone? 2001-02-28
luno
This is HILARIOUS 2001-02-26
anonymous
Win2K 2001-02-26
Anonymous
The Best Security is making the problem widely known. 2001-02-26
Sap
Plain immoral/illegal, Socially Irresponsible. 2001-02-26
Anon
Open Doors does not mean Open House... 2001-02-26
deggi3
Bad, Badder, Baddest! 2001-02-26
Salvatore
NETBIOS passwords aren't secure.... 2001-02-26
Brad
An Internet where *everybody* is a script kiddie 2001-02-27
A.Lizard alizard (at) ecis (dot) com [email concealed]
What about Security 2001-02-27
rbooke
Excellent Blackmail tool 2001-02-28
Anonymous
User Ignorance (or "I Didn't Mean To Do It") 2001-02-28
raptorfan (at) earthlink (dot) net [email concealed]
How to make ShareSniffer unusable/undesirable 2001-03-01
Johan Lindqvist <lindq (at) bigfoot (dot) com [email concealed]>
Given that ShareSniffer gets its list of open hard drives from a public news group that is open for posting (i.e. by other copies of ShareSniffer) it's possible to render the software unusable, or at least undisirable to use.

The most obvious attack would be to make the software unusable, or at least stop people from sharing information about open shares by dilluting the news group by massively inserting false lists of open shares. This would make finding the real open shares virtually impossible. A classic information integrity attack.

It becomes more interesting/fun if we start inserting normal ammounts of false addresses into the news group but select which hosts to "expose". Listing open shares at 208.47.125.33 or in the range 198.81.128.0 - 198.81.191.255 would probably make people think once or twice before using the software again.

/Johan

(Oh, 208.47.125.33 is www.nsa.gov, and 198.81.128.0 - 198.81.191.255 is registered with CIA. Finding other sites with alert security monitors is left as an excercise for the reader.)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/159/4791#4791
Protection..... 2001-03-01
NaT







 

Privacy Statement
Copyright 2007, SecurityFocus