Question on P2P hacking

Discussion in 'other security issues & news' started by morph000, Jan 22, 2008.

Thread Status:
Not open for further replies.
  1. morph000

    morph000 Registered Member

    Joined:
    Apr 13, 2003
    Posts:
    20
    Can anyone advise on whether or not programmes like eMule, Kazaa and Limewire can be exploited by hackers to gain access to your pc ?

    eg can p2p exploits permit files to be placed on a pc by a hacker ?

    Sure, p2p permits viewing and downloading from your pc, but what's the deal for people uploading to your pc without your knowledge ?

    Is this possible ?

    If anyone has some good info or links to articles on the topic, I'd be grateful !
     
  2. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    bittorrent has (so far) been somewhat safe from hi-jacking.

    older versions of uTorrent are vulnerable, but only to DOS attacks, not actualy execution of arbitary code.
    simply put, it means that if a lot of people used an old uTorrent client, one could craft packets and send to them that would knock them offline (from torrent, not the whole internet), thus severely destroying the quality of the swarm.

    kazaa, emule, and other "older" p2p filesharing protocols are not unsecure by protocol design, but by implimentation of before mentioned clients.

    many many have had their whole pc's hijacked by not-so-nice people.
    but that's due to the application, not the underlying technology.

    torrent is newer and a lot of the clients are open source, thus improving the reliablity and stopping blatantly gaping security holes.
     
  3. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    A couple of times someone has hijacked emule to hack into my computer but SSM has stopped them- When asked by SSM, I blocked it.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    P2P apps are not really that much hackable. The problem is that people download executables - cracks - run them and then complain about being hacked.
    Mrk
     
  5. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    It has happened to me, although not often, where amon.exe (activity monitor) of Tiny Personal Firewall (TPF) started acting independent while I was running Emule.

    I would download and walk away. I come back an hour later and on the screen SSM is asking if I want to block amon.exe from doing something that is outside of it's charter.

    I believe that the hacker was somehow exploiting the buffer overflow vulnerabilities of TPF. Perhaps there are other leaks in TPF.

    I am very good at making observations but I am an amateur at drawing the correct conclusions in this realm. Perhaps most of problems lie with TPF and not Emule.

    Regardless, I am now transitioning to a different Firewall.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I'm not sure what you're saying, but it's possible, maybe... As to eMule, it has the ability to run as an unprivileged user, very dandy, btw.
    Mrk
     
Loading...
Thread Status:
Not open for further replies.