Hi Frank,
I too would like to know about this. After the Nudester exploit a little
while back I did do some sniffing
on FTP for WinMX to see if it too had the vulnerability. However, I could find
nothing conclusive, just the normal
encrypted packets.
Has anyone else seen anything different.
--
Stuart
"Frank Smith" <[EMAIL PROTECTED]> on 13/09/2001 00:13:03
To: "Security Basics" <[EMAIL PROTECTED]>
cc: (bcc: Stuart Luscombe/COSS/CCenter)
Subject: WinMX and FTP
Hi,
I am running W2K Prof SR2 and sometimes use file sharing program WinMX. This
afternoon, I discovered on my Speedometer that 100K/s FTP was happening.
Netstat -a revealed an established FTP connection to an ADSL user in
Denmark.
As soon as I closed WinMX, the FTP connection died and the port used went to
listening. I told my firewall router to block outgoing FTP and restarted,
but that is not the greatest solution.
Can somebody tell me how I could have viewed what the person was uploading?
Can somebody with WinMX/Gnutella protocol knowledge explain how this person
was able to start the FTP connection?
Thanks!
Frank
