|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: 8 hours of pinging
From: Dragos Ruiu (dr
DURSEC.COM)Date: Wed Mar 29 2000 - 02:12:13 CST
- Next message: Pavel Kankovsky: "Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity)"
- Previous message: Stephen Friedl: "Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service) probeactivity"
- In reply to: Ed Padin: "Re: 8 hours of pinging"
- Next in thread: Dwight Schauer: "rooted by r0x - from address 212.177.241.127"
- Next in thread: Mike A. Harris: "Re: 8 hours of pinging"
- Reply: Dragos Ruiu: "Re: 8 hours of pinging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 28 Mar 2000, Ed Padin wrote:
> I have a client that's looking to block access to napster. Is there a way to
> find out all the IP addresses that the napster server uses? I know that a
> simple packet snatch can answer that but I want to make sure I get the whole
> range of addresses and was hoping that someone already had the information.
>
<soapboxmode=on>
Well your customer is quite lame.
Blocking napster and application blocking in general
are infringements of user's rights. One ot these days
companies will understand that owning the computers
is not tantamount to owning the users. Think of the
internet as any other telephone/comm-device.
Because you own the phone doesn't mean you
can dictate to me what I can and can't say over it.
And everyone has the right to make at least one
phone call... :-) I left the last place that tried to
filter my communications.... and if your company
does this, you should think about leaving too.
So I repeat, trying to block napster is very lame and will
only accelerate the development of better, and more
dangerous to the RIAA, software... check out the
coverage of gnutella...
You've been warned.
<soapboxmode=off>
On the other hand with the exploitable remote
buffer overflow, mayble a good napster block
isn't such a bad thing...
With that said... here is the info you need...
courtesy of HNN and HaX0r. see HaX0r #50
for a reverse engineering of the napster protocol
(see: http://welcome.to/HWA.hax0r.news/
Tell cruciphux I sent ya.)
from: http://david.weekly.org/
Network Configuration
Napster appears to have cubes at globalcenter and at AboveNet
Their main router at abovenet is 208.184.213.7
redirect servers: (server.napster.com:8875)
208.184.216.222
208.184.216.223
servers:
208.178.163.61 (globalcenter)
208.178.175.130-4 (globalcenter)
208.184.216.202,204-209,211-215,217-221 (abovenet sjc2:colo8)
208.49.239.242,7,8 (globalcenter)
ports: 4444,5555,6666,7777,8888
Another reverse engineering of the protocol can be found at:
http://opennap.sourceforge.net/napster.txt
And if any of you use this info to block napster content on
anything other than a security consideration.... well you deserve
everything you'll trigger. :-)
cheers,
--dr
-- dursec.com / kyx.net - we're from the future http://www.dursec.com learn kanga-foo from security experts: CanSecWest - May 10-12 VancouverSpeakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
- Next message: Pavel Kankovsky: "Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity)"
- Previous message: Stephen Friedl: "Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service) probeactivity"
- In reply to: Ed Padin: "Re: 8 hours of pinging"
- Next in thread: Dwight Schauer: "rooted by r0x - from address 212.177.241.127"
- Next in thread: Mike A. Harris: "Re: 8 hours of pinging"
- Reply: Dragos Ruiu: "Re: 8 hours of pinging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]