i had 2 friends that had kp on their machines but they did not put it their. one had files in the p2p shared dir and the other had files all over the place. their machines were running redhat like mine and redhat linux has a lot of holes if its not setup. if someone gets a hi user id by hacking a service like sendmail tftp telnet login or anoter service even apache they can pretty much do what they want on that machine. if files are put in a high trafc spot like a p2p shared dir, then the p2p app will begin sharing those files so it like a backdoor to a fileserver. our cUsers group has seen this a few. the other prob is with java on some p2p apps the java jvm that runs on the machine with the app can be vuln if its an older or oem vers. my shop machine was hacked thru telnet and java not the p2p. the p2p's are prety good overall.

JM2C