p2p

Discussion in 'other security issues & news' started by Spray-on Dust, Dec 17, 2004.

Thread Status:
Not open for further replies.
  1. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    This is not an urgent thread. Sorry in advance if threads like these are not permitted here. This is just for people to share what they know about p2p and the dangers that lie within them. I had never thought that I may be at risk while using DC++ until recently. I just assumed I was safe because I had an anti trojan, anti virus, anti spyware, firewall, and process guard.

    But anyway, I'm an avid user of the p2p DC++. I love it because it allows me to download anything I can imagine (musically speaking). It's great if you're into indie and other obscure stuff. Anyway, I was browsing the web and reading up on the dangers of p2p's because I just happened to think about it one day. I'm not talking about malware like spyware etc, but i'm talking about the dangers of people being able to access your computer without your knowledge, see your hidden files, etc. I just read somewhere on the web a minute ago (and now I can't find the damn link) that it's easy for people to do this especially if your computer is connected to a network. I'm not sure how it all works but that's what it said.

    So, in short, are p2p users at a greater risk of having our pc's compromised by being connected through a network and is it easier for people to download viri, trojans, etc and use our computers as file servers without our knowledge? Tell me anything you guys know. I'm all ears. But, of course, don't in any way let the answering of this thread of mine interfere with your progress on TDS-4! :D

    Peace.
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I've moved this from TDS forum to here (other security issues) as it is a very suitable topic for discussion in my view BUT isn't a TDS support issue so hopefully it will get a wider viewing here and more replies and comments to help you
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Two things come to my mind immediately.
    1. Never do P2P from an administrators account and use strong passwords on all your user accounts. This reduces the risk of your machine being taken over considerably.
    2, Monitor your connections either by watching you connections in your firewall -OutPost2 is great for doing this and also run a utility like DCS's Port Explorer wherre you can see all running and hidden connections to the outside world.
     
  4. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    First of all it depends on what kind of P2P connection and protocol you are using.
    Normally your firewall is blocking all traffic to the other ports.
    So in the (theoretical?) case if someone is able to take over your system,
    it has to use the connection to the ports that are used with the P2P protocol you are using.
    Then there is another thing of course, sniffing and using the protocol options
    with hacking tools is always possible.
    But exploiting the protocol is only possible with not only a poor designed
    protocol but the client/server software that belongs to it must be very
    'buggy' too.
    Because your P2P client/server software must do the taking over
    of the system. That must be a very poor implementation of software!
    An other option would be that you would start another systemproces or so
    to do that work for you. i don't thinks so.

    Of course P2P is the best way to download virusses, trojans, malware etc.

    And if you don't want to share more data then you think you do,
    i agree with Pilli that you have to monitor your P2P connection
    with a networksniffer or DCS's Port Explorer.

    Never use a P2P that is unknown, because that could be a trojan or
    a tool that opens a fatal networkport on your system.

    In some cases there is another problem with sharing data P2P
    and that is if you don't know the data that is stored by others on your system (store and transfer is crypted)
    That is something that i would never recommend, your system can be turned into a fileserver for terrorists or other criminal activities.
    So you don't know who you are helping.
    So choose a well known P2P and monitor your networktraffic...

    good luck
     
Thread Status:
Not open for further replies.