My _admittedly_limited_ understanding of Napster is that it circumvents
restrictions on inbound connections unless both ends of a connection are
behind firewalls restricting inbound connections. (Or you are restricting
outbound connections to known protocols, The Good Thing To Do (R))

How?

Let's say User A is within my firewall, and User B is out in the dangerous
criminal world of the Internet.

(1) When User A starts Napster, they create an (obviously) outbound
connection to Napster's servers.

(2) B does the same, and searches for a file/recording. Napster returns the
results for User A's hard drive.

(3) If B can't connect to A (which he can't in this scenario), she sends a
request to the Napster server. The Napster server, which has maintained the
connection that A started above in (1), lets the Napster software on A know
that B wants something from A.

(4) _A_ will initiate a connection with B, so that B can download software.

Get it? This circumvents the existence of a poorly set up firewall, or NAT,
or various other moderate security measures. It will fail if both A and B
are behind firewalls restricting inbound connections.

I hope that was clear, and no, I'm not absolutely positive of any of this,
but this is what I gathered from two minutes of perusing Napster's web
site.

What I'm more interested in is whether any real world exploits are known
using the Napster client.

Jamie Fraser
[EMAIL PROTECTED]

Irwan Shahrin Ismail <[EMAIL PROTECTED]> on 07/06/2000 08:32:51 PM

To: "'fw-1-mailinglis'" <[EMAIL PROTECTED]>
cc: "'James Edwards'" <[EMAIL PROTECTED]>, "'Sam Ghannadi'" <[EMAIL PROTECTED]> (bcc: Jamie Fraser/Doblin)
Subject: RE: [FW1] Napster

Another thing to add is that if your internal users are using
Hide NAT, they would be protected from external access anyway ..

-----Original Message-----
From: James Edwards [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 07, 2000 12:05 AM
To: 'Sam Ghannadi'; 'fw-1-mailinglis'
Subject: RE: [FW1] Napster

If you have your firewall set up like most people, you have already done
it.

Most people are very careful about what they let in, only allowing certain
services to certain machines and blocking everything else coming in. If
this is the case, you have already blocked an external person from
accessing any machine and service you have not specifically allowed.

Hope that makes sense.

Jim Edwards

-----Original Message-----
From: Sam Ghannadi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 06, 2000 10:15 AM
To: 'fw-1-mailinglis'
Subject: [FW1] Napster

Hi everybody:

Probably we all know how to block Napster for internal users, but how can I
let the users download from Napster but block Napster users from coming in
to our network?

Thanks

Sam Ghannadi

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
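
The four steps in Jamie Fraser's message, replayed against a toy firewall model, as an added example that is not part of the original thread. Host names, port numbers and the policy objects are constructed for illustration; it shows why an inbound-only rule base does not stop the transfer, while an egress allow-list or a second inbound-restricting firewall does.

```python
"""Replay of steps (1)-(4) against simple firewall policies.
Hosts, ports and policies are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

WEB_PORTS = {80, 443}                  # assumed egress allow-list
SERVER_PORT, PEER_PORT = 8888, 6699    # placeholder ports, not taken from the thread

@dataclass
class Firewall:
    inside: set                        # hosts behind this firewall
    egress_allow: Optional[set] = None # None = any outbound port is permitted

    def permits(self, src, dst, dport):
        if src in self.inside and dst not in self.inside:    # outbound
            return self.egress_allow is None or dport in self.egress_allow
        if dst in self.inside and src not in self.inside:    # inbound: no allow rule
            return False
        return True                    # traffic that does not cross this firewall

def connect(src, dst, dport, firewalls):
    """A connection succeeds only if every firewall on the path permits it."""
    return all(fw.permits(src, dst, dport) for fw in firewalls)

def transfer(firewalls):
    """Walk the four steps and report how (or whether) the file moves."""
    if not connect("A", "server", SERVER_PORT, firewalls):   # step 1
        return "blocked: A never reaches the index server"
    if not connect("B", "server", SERVER_PORT, firewalls):   # step 2
        return "blocked: B never reaches the index server"
    if connect("B", "A", PEER_PORT, firewalls):              # step 3, direct attempt
        return "direct: B connected in to A"
    # Step 3 fallback: the request rides A's existing outbound session,
    # so no new inbound connection to A is needed.
    if connect("A", "B", PEER_PORT, firewalls):              # step 4
        return "reversed: A connected out to B"
    return "blocked: neither side can open the data connection"

def scenarios():
    return {
        "no firewall": transfer([]),
        "inbound-only rules at A": transfer([Firewall({"A"})]),
        "inbound-only rules at A and B": transfer([Firewall({"A"}), Firewall({"B"})]),
        "egress allow-list at A": transfer([Firewall({"A"}, WEB_PORTS)]),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:32} -> {outcome}")
```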