[Snort-users] The truth about Napster

Kris Kennaway kris at ...593...
Fri Oct 6 23:09:49 EDT 2000


On Tue, Oct 03, 2000 at 04:05:35PM -0700, Joe McAlerney wrote:
> Hi,
> 
> I'm sure someone will correct me if I'm wrong, but I think that rule was
> added to detect Napster traffic in organizations that do not want to
> allow Napster for reasons of bandwith consumption, and distribution of
> pirated music.  I have not heard about gaping security flaws within
> Napster, but that doesn't mean they don't exist.  I would remove it if
> your organization is not concerned with mp3's flying around your
> network.

There was a hole in old versions of gnapster and knapster (a gtk-based
client, and kde client respectively) - see

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc.v1.1

ISTR old versions of the windows client also had vulnerabilities.

Kris



More information about the Snort-users mailing list