File Sharing Applications and Security - PowerPoint PPT Presentation

1
File Sharing Applications and Security
  • 3rd Annual Computer and Network Security Forum
  • February 20, 2003
  • Nicola Foggi
  • Networks and Telecom
  • DePaul University

2
File Sharing Application and Security
  • What Applications are Out There?
  • What are the risks of these Applications?
  • What can you do to protect yourself?

3
Common Applications
  • eMule - http://www.emule-project.net/
  • eDonkey - http://www.edonkey2000.com
  • Kazaa - http://www.kazaa.com
  • WinMX - http://www.winmx.com
  • DirectConnect - http://www.neo-modus.com
  • IMESH - http://imesh.com
  • Shareaza - http://www.shareaza.com
  • There are plenty of other ones...

4
How Many People Use These
  • Kazaa
  • Over 187 Million Copies Downloaded
  • IMesh
  • Over 40 Million Users
  • Hmmm... That's a lot of users

5
So What Could Go Wrong
  • After all...
  • It's JUST File Sharing, Right?

6
So What Could Go Wrong
  • The simplest, easiest, and probably least
    damaging
  • Viruses / Backdoors / Trojans transferred instead
    of requested file...
  • However, most virus scans would probably catch
    these unless it was a new vulnerability...

7
So What Could Go Wrong
  • A little more complex, but well documented by
    Microsoft on how to accomplish...
  • Embedded URLs in Files
  • Probably not too big of a threat...

8
So What Could Go Wrong
  • Even more complex, but definitely more serious...
  • MP3 ID3v2 Malformed Tag Vulnerability
  • This is a definite threat, and has been out since
    December 2002, but hasn't really been exploited
    successfully...

9
How to Prevent These
  • Virus Scans
  • (Keep the DAT Files Updated!)
  • Workarounds
  • (Disable JavaScript in IE)
  • Patches
  • (Windows and WinAmp)
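
A structural check for the malformed ID3v2 tags named on slide 8, as an added example that is not part of the original slides. It applies the header and frame layout of the ID3v2.3/2.4 specifications and is not a detector for the specific December 2002 flaw; the function names and the sample tags are constructed for illustration.

```python
import struct

def syncsafe(b):
    """Decode a 4-byte syncsafe integer (7 bits per byte)."""
    if any(x & 0x80 for x in b):
        raise ValueError("high bit set in syncsafe size")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def check_id3v2(data):
    """Return structural findings for the ID3v2 tag at the start of data."""
    if data[:3] != b"ID3":
        return []                                  # no ID3v2 tag present
    if len(data) < 10:
        return ["truncated tag header"]
    major, flags = data[3], data[5]
    if major not in (3, 4):
        return [f"major version {major} not handled by this example"]
    try:
        end = 10 + syncsafe(data[6:10])            # header + declared tag size
    except ValueError as e:
        return [f"tag header: {e}"]
    if end > len(data):
        return [f"tag claims {end} bytes but file has {len(data)}"]
    if flags & 0xC0:
        return ["unsynchronisation/extended header set; frames not checked here"]
    pos = 10
    while pos + 10 <= end and data[pos] != 0:      # a zero byte starts padding
        fid, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if not all(chr(c) in "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" for c in fid):
            return [f"invalid frame id {fid!r} at offset {pos}"]
        try:                                       # v2.4 sizes are syncsafe, v2.3 plain
            size = syncsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        except ValueError as e:
            return [f"frame {fid.decode()}: {e}"]
        if pos + 10 + size > end:                  # frame must fit inside the tag
            return [f"frame {fid.decode()} declares {size} bytes, overrunning the tag"]
        pos += 10 + size
    return []

def make_tag(fid, body, declared=None):
    """Build a constructed one-frame ID3v2.3 tag; `declared` overrides the frame size."""
    size = len(body) if declared is None else declared
    frame = fid + struct.pack(">I", size) + b"\x00\x00" + body
    n = len(frame)
    return b"ID3\x03\x00\x00" + bytes((n >> s) & 0x7F for s in (21, 14, 7, 0)) + frame

GOOD = make_tag(b"TIT2", b"\x00song")                       # constructed, well-formed
BAD = make_tag(b"TIT2", b"\x00song", declared=0x7FFFFFF0)   # constructed, oversized frame

if __name__ == "__main__":
    print(check_id3v2(GOOD), check_id3v2(BAD))
```

A non-empty result is a reason to quarantine the file before any media player opens it.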

10
Why These Didn't Get Exploited
11
  • But There May Be More...

12
What Else Could Go Wrong
  • New Exploits of MP3 ID Tag Vulnerabilities
  • After all... how many people patch their systems
    or update software?
  • But It's Still Too Slow...

13
What Else Could Go Wrong
  • It's probably just time before...
  • Exploit of File Sharing Software
  • What is the possible impact?

14
(No Transcript)
15
Exploit of File Sharing Application
  • Why could it be so deadly?
  • With millions of users using the software there
    would be plenty of people to attack!

16
Exploit of File Sharing Application
  • What could be done?
  • I think SLAMMER showed a very effective DoS
  • Maybe do something similar!
  • One Application to Spread the Worm, the other to
    do a DoS with flooding UDP traffic!
  • Remember, most of these applications listen on a
    network port so could be easily attacked with the
    right vulnerability!

17
Exploit of File Sharing Application
  • IF Anyone here is thinking
  • about looking into this...
  • PLEASE...
  • don't release it on a FRIDAY NIGHT!
  • How about a Wednesday Night?

18
Exploit of File Sharing Application
  • and of course...
  • make sure you exclude the netblock
  • 140.192.0.0/16
  • from the range of IPs to attack!

19
How to Protect Yourself
  • Don't Use These Applications!
  • (You'll save everyone a bunch of time and
    bandwidth...)
  • But that's probably not going to happen...
  • So...

20
How to Protect Yourself
  • Keep up on Patches
  • Virus Scan Software
  • Personal Host Firewalls to Prevent Incoming
    Connections

21
  • Questions?

22
References
  • Windows Media Player Executes WMF Content in MP3
    Players - http://online.securityfocus.com/archive/1/258122
  • KaZaa Home Page - http://www.kazaa.com
  • IMesh Home Page - http://www.imesh.com
  • File Sharing Applications - http://www.10ts.com/filesharing.htm
  • Embedding URLs in Digital Media Content -
    http://msdn.microsoft.com/library/en-us/dnwmt/html/wmp7_urlflips.asp
  • MP3 Worms - ID Tag Vulnerability -
    http://www.wired.com/news/infostructure/0,1377,56924,00.html
  • Security Aspects of Napster and Gnutella -
    Steven M. Bellovin - http://technetcast.ddj.com/tnc_play_stream.html?stream_id625