Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General P2P Network Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Search Today's Posts Mark Forums Read

General P2P Network Discussion For general discussion about peer-to-peer networks.


Welcome To Gnutella Forums

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, fun aspects such as the image caption contest and play in the arcade, and access many other special features after your registration and email confirmation. Registration is fast, simple and absolutely free so please, join our community today! (click here) (Note: we use Yandex mail server so make sure yandex is not on your email filter or blocklist.)

If you have any problems with the Gnutella Forum registration process or your Gnutella Forum account login, please contact us (this is not for program use questions.) Your email address must be legitimate and verified before becoming a full member of the forums. Please be sure to disable any spam filters you may have for our website, so that email messages can reach you.
Note: Any other issue with registration, etc., send a Personal Message (PM) to one of the active Administrators: Lord of the Rings or Birdy.

Once registered but before posting, members MUST READ the FORUM RULES (click here) and members should include System details - help us to help you (click on blue link) in their posts if their problem relates to using the program. Whilst forum helpers are happy to help where they can, without these system details your post might be ignored. And wise to read How to create a New Thread

Thank you

If you are a Spammer click here.
This is not a business advertising forum, all member profiles with business advertising will be banned, all their posts removed. Spamming is illegal in many countries of the world. Guests and search engines cannot view member profiles.



           Deutsch?              Español?                  Français?                   Nederlands?
   Hilfe in Deutsch,   Ayuda en español,   Aide en français et LimeWire en françaisHulp in het Nederlands

Forum Rules

Support Forums

Before you post to one of the specific Client Help and Support Conferences in Gnutella Client Forums please look through other threads and Stickies that may answer your questions. Most problems are not new. The Search function is most useful. Also the red Stickies have answers to the most commonly asked questions. (over 90 percent).
If your problem is not resolved by a search of the forums, please take the next step and post in the appropriate forum. There are many members who will be glad to help.
If you are new to the world of file sharing please do not be shy! Everyone was ‘new’ when they first started.

When posting, please include details for:
Your Operating System ....... Your version of your Gnutella Client (* this is important for helping solve problems) ....... Your Internet connection (56K, Cable, DSL) ....... The exact error message, if one pops up
Any other relevant information that you think may help ....... Try to make your post descriptive, specific, and clear so members can quickly and efficiently help you. To aid helpers in solving download/upload problems, LimeWire and Frostwire users must specify whether they are downloading a torrent file or a file from the Gnutella network.
Members need to supply these details >>> System details - help us to help you (click on blue link)


Moderators

There are senior members on the forums who serve as Moderators. These volunteers keep the board organized and moving.
Moderators are authorized to: (in order of increasing severity)
Move posts to the correct forums. Many times, members post in the wrong forum. These off-topic posts may impede the normal operation of the forum.
Edit posts. Moderators will edit posts that are offensive or break any of the House Rules.
Delete posts. Posts that cannot be edited to comply with the House Rules will be deleted.
Restrict members. This is one of the last punishments before a member is banned. Restrictions may include placing all new posts in a moderation queue or temporarily banning the offender.
Ban members. The most severe punishment. Three or more moderators or administrators must agree to the ban for this action to occur. Banning is reserved for very severe offenses and members who, after many warnings, fail to comply with the House Rules. Banning is permanent. Bans cannot be removed by the moderators and probably won't be removed by the administration.


The Rules

1. Warez, copyright violation, or any other illegal activity may NOT be linked or expressed in any form. Topics discussing techniques for violating these laws and messages containing locations of web sites or other servers hosting illegal content will be silently removed. Multiple offenses will result in consequences. File names are not required to discuss your issues. If filenames are copyright then do not belong on these forums & will be edited out or post removed. Picture sample attachments in posts must not include copyright infringement.

2. Spamming and excessive advertising will not be tolerated. Commercial advertising is not allowed in any form, including using in signatures.

3. There will be no excessive use of profanity in any forum.

4. There will be no racial, ethnic, or gender based insults, or any other personal attacks.

5. Pictures may be attached to posts and signatures if they are not sexually explicit or offensive. Picture sample attachments in posts must not include copyright infringement.

6. Remember to post in the correct forum. Take your time to look at other threads and see where your post will go. If your post is placed in the wrong forum it will be moved by a moderator. There are specific Gnutella Client sections for LimeWire, Phex, FrostWire, BearShare, Gnucleus, Morpheus, and many more. Please choose the correct section for your problem.

7. If you see a post in the wrong forum or in violation of the House Rules, please contact a moderator via Private Message or the "Report this post to a moderator" link at the bottom of every post. Please do not respond directly to the member - a moderator will do what is required.

8. Any impersonation of a forum member in any mode of communication is strictly prohibited and will result in banning.

9. Multiple copies of the same post will not be tolerated. Post your question, comment, or complaint only once. There is no need to express yourself more than once. Duplicate posts will be deleted with little or no warning. Keep in mind a forum censor may temporarily automatically hold up your post, if you do not see your post, do not post again, it will be dealt with by a moderator within a reasonable time. Authors of multiple copies of same post may be dealt with by moderators within their discrete judgment at the time which may result in warning or infraction points, depending on severity as adjudged by the moderators online.

10. Posts should have descriptive topics. Vague titles such as "Help!", "Why?", and the like may not get enough attention to the contents.

11. Do not divulge anyone's personal information in the forum, not even your own. This includes e-mail addresses, IP addresses, age, house address, and any other distinguishing information. Don´t use eMail addresses in your nick. Reiterating, do not post your email address in posts. This is for your own protection.

12. Signatures may be used as long as they are not offensive or sexually explicit or used for commercial advertising. Commercial weblinks cannot be used under any circumstances and will result in an immediate ban.

13. Dual accounts are not allowed. Cannot explain this more simply. Attempts to set up dual accounts will most likely result in a banning of all forum accounts.

14. Video links may only be posted after you have a tally of two forum posts. Video link posting with less than a 2 post tally are considered as spam. Video link posting with less than a 2 post tally are considered as spam.

15. Failure to show that you have read the forum rules may result in forum rules breach infraction points or warnings awarded against you which may later total up to an automatic temporary or permanent ban. Supplying system details is a prerequisite in most cases, particularly with connection or installation issues.

Violation of any of these rules will bring consequences, determined on a case-by-case basis.


Thank You! Thanks for taking the time to read these forum guidelines. We hope your visit is helpful and mutually beneficial to the entire community.


Reply
 
LinkBack Thread Tools Display Modes
  #31 (permalink)  
Old February 12th, 2006
verdyp's Avatar
LimeWire is International
 
Join Date: January 13th, 2002
Location: Nantes, FR; Rennes, FR
Posts: 306
verdyp is flying high
Default

Note that the sophos-discussed technic is in factvery powerful: you can build some code that is apparently inoccuousbecauseit doesnot contain any dangerous code, or call to dangerous OS APIs.

However, if this code can be installed so that it will be able to silently scan any download image or file, just waiting for the file that will contain some valid and encrypted signature, then this code may recognize that signature and choose to extract the relevant attack code from the data, and then run it, even if you have enabled the NX-bit that prevents data to be executed (notably the CPU stack or heap which is commonly targetted by buffer overflows).

Even though the stack or heap remains protected, the "sleeping" background listener may already have enough code to allocate an executable memory block, put the extracted data in it, and then run it. What was apparently a non dangerous image (and that may appear with some minor or nearly invisible garbage noise in the image, comparable to white noise commonly found in photographs or in image scans, or in "antialiased" pixels or sound framesmay still hide enough information to contain arbitrary code.)

The solution for this problem is that the OS should not allow writing in any executable memory fragment, should not allow executing a writable memory fragment, and the API call that changes a writable block into an executable one being contantly monitored by an antivirus looking for dangerous codeinthisdata fragment before it gets a chance to be executed. If the antivirus finds malicious code in the data block, the APIthat transforms a writable block into an executable block will return an error,and the block will remain data, possibly still writable, but not executable.

Additionally the antivirus scanner should list the process as possibly infected, and any further call to change the status of a writable block should be slowed, and the antivirus should signal an alert tothe user about the possibly infected process that should be killed (this would kill the sleeping code that infects it, such as a modified system DLL or system hook). This could be part of the heuristic engine. The suspect part of code that calls the memory status change API should be reported, in order to find and detect it.

Note that in most common applications, there are very little valid code that changes a writable memory block into an executable one. This code is typically found in avery small part of "JIT" compilers (on .net or in a JVM), or in debuggers for programmers, or in program loaders (that change the block read from disk and gives it the permission to run). This code isgenerally completely isolated within a single DLL or executable, and should be digitally signed (if not, the antivirus engine should provide its own database of verification signatures for known DLLs or executables, and the antivirus company should permanently monitor updates made available to this code by the OS or VM vendor, the simplest being that the OS or VM vendor releases this code with an embedded strong digital signature, such as Authenticode).

Unfortunately, in Windows, not all executable components are digitally signed: look at the results of the "Digital signature verifier" tool, that reports somefiles provided by Microsoft itself, notably in system drivers. There are others in fixed-size bitmap fonts used today mostly in console apps (they really are DLLs containing a resource and a normally empty code, even though they display a .FON extension, and so they can contain code executed at DLL load and unload time and when the DLL is attached and detached to a process)

Notably, look into the Windows Devices Manager: most of them depend on hardware andarenot present in lots of PC, however some are constantandavailable on almost all of them, notably in the "hidden" (non Plug&Play) devices list that isused for system services: critical ones are "AFD", "HTTP", "TCP/IP protocol", "IpNat", "IpFilterDriver", or other filesystem drivers (NTFS, FAT, CDFS...) but some other are just there for devices rarely used and generally not considered dangerous such as "Serial" that manages serial COM ports, "Beep" that just performs horrible monophonic beeps to the PC speaker without any audio device, or "Null" that implements a silent/sink device (and matches the "NUL" filename). If any of those devices, that are loaded by default and given access to the kernel, are infected, they may perform arbitrary code. Most drivers work by installing system hooks for the Win32 APIs they wish to implement.

All these executable files (and notably the .SYS drivers andthe OS loader, because they are loaded very soon during boot time, before the antivirus loads, and because their files are NOT protected and NOT locked during OS execution) should be digitally signed, and their normal location stored in the registry should be protected (unfortunately, it's easy to remove the ACL protections from the critical parts of the registry: you can do it manually from any administrator account even if those ACLs normally do not include "Administrators" rights, only "SYSTEM" rights, where only Microsoft can authenticate as "SYSTEM" because SYSTEM protects your Windows licence). Unfortunately, they are not... and their location and filename on disk is constant, making them easy to attack if there's noantivirus to protect you from silent additions or changes in the list of system devices (Windows informs you only with PnP devices).
__________________
LimeWire is international. Help translate LimeWire to your own language.
Visit: http://www.limewire.org/translate.shtml
Reply With Quote
  #32 (permalink)  
Old February 12th, 2006
ultracross's Avatar
FrostWire Developer
 
Join Date: February 7th, 2005
Posts: 815
ultracross is flying high
Default

Nice explainations (albeit long). But the problem is usually not in the specification of a certain protocol, but in the implementation. As in the case of the JPEG rendering flaw, it was the microsoft code which allowed the vulnerability, not in the specification of how to render JPEG images.
Reply With Quote
  #33 (permalink)  
Old February 12th, 2006
flame-retardant
 
Join Date: November 22nd, 2005
Posts: 196
Hyper-kun is a great assister to others; your light through the dark tunnel
Default

ultracross, it would suit you very well to accept that you were wrong. From what you write I get the strange idea that you do not even understand your own words.

You write this:
"it was the microsoft code which allowed the vulnerability"

and at the same time you claim it's impossible to get infected through pictures? Please explain what's the effective difference? The effect is exactly the same. Actually this is even more dangerous as it's very hard to protect yourself against it. Just being smart won't help.
Such flaws are of course more severe by magnitudes if they exist in Microsoft products because that's what virtually everybody uses nowadays.

There's no point in bashing Microsoft here. Such flaws exist in all kinds of software and
not just software for Windows. Software for Linux, Mac OS etc. has often the same kind of vulnerabilities. I suggest
you read bugtraq for a while:

http://www.securityfocus.com/archive/1

It is somehow ironic that just a moment after my first reply,
the now well-known WMF bug was discovered or rather published. There is really no reason to call the average user a "dumbass". With these kind of bugs the user does not have to do anything "wrong".

I beg you, ultracross and others, stop spreading your *dangerous* smattering. Finally, for those who think they can clean their systems from worms and viruses on-the-fly using some tool, read this:

http://www.microsoft.com/technet/com...mt/sm0504.mspx

Even Microsoft is smart enough to comprehend this.
Reply With Quote
  #34 (permalink)  
Old February 14th, 2006
ultracross's Avatar
FrostWire Developer
 
Join Date: February 7th, 2005
Posts: 815
ultracross is flying high
Default

@Hyper-kun
And who the hell are you to say that I was wrong? It WAS a microsoft flaw. Their implementation of the JPEG specification WAS written poorly which introduced this vulnerability. If microsoft would build to suite specifications instead of what they think would be better (e.g. MSIE), they would be a better software company.

Stop being such a lamer. Who are you, a Microsoft PR agent? Its a good practice aswell as etiquette not to start **** in threads that you know nothing about.
Reply With Quote
  #35 (permalink)  
Old February 14th, 2006
flame-retardant
 
Join Date: November 22nd, 2005
Posts: 196
Hyper-kun is a great assister to others; your light through the dark tunnel
Default

It should be obvious that I'm neither a lamer nor a Microsoft PR agent. I also doubt that Microsoft needs your advice and that you know any kind of etiquette. You should probably improve your reading skills. I never claimed that there was no bug in code by Microsoft handling JPEG images. By the way, I know damn well what I am talking about.

I'll explain it a little simpler for you:

I wrote: "Hell you can even get virus from pictures."

You claimed: "No you can't."

That's what I referred to when I said "you are wrong". I repeat: You can infect your system through any kind of file including pictures. All it takes is an exploitable flaw in applications handling these files. Actually it doesn't require files at all. It is possible to infect a system by any kind of input as long as there is an exploitable bug in the implementation handling this input.

You wrote: "You are reffering to a Microsoft Windows flaw in the JPEG engine that is used to render JPEG images."

You are wrong again. There are far more bugs than this one. I was not thinking of any certain bug. And just to repeat myself, this problem is not unique to Windows. Windows and software for it is just the easier bait due to its popularity. Nonetheless there are inherent design flaws in Windows which make these issues a little worse than they are on other systems.

If you want me to provide an (incomplete) list of software that is exploitable I could do that. It's probably not wort the time. You can just read Bugtraq yourself:

http://securityfocus.com/archive/1

For example, the famous WMF exploit works fine for a lot of standard picture filename extensions including "jpg" and "jpeg". You just have to rename the WMF file. This might be misleading though because you probably argue that this isn't a JPEG file. WMF is still a picture format nonetheless.

Last but not least, for most users you don't have to be that smart at all since they will fall for "whatever.jpg.exe" because - nobody knows why - Windows hides known filename extensions by default. For the common user this makes it impossible to differ between a mere data file and an executable file.

In any case it's not as simple as "executables are dangerous but data files are harmless".
Reply With Quote
  #36 (permalink)  
Old February 14th, 2006
ultracross's Avatar
FrostWire Developer
 
Join Date: February 7th, 2005
Posts: 815
ultracross is flying high
Default

after phillipe posted, i pretty much gave into his explanation, quietly though. why am i even bothering to reply to you,.. oh yes, im subscribed to this thread...

*unsubscribes*

peace! im out.

*walks away all cool*

(and yes, i am always this stubborn. especially when people rub sh!t in. because then its just stupidity that propells them to further escalate something into a flame war.)
Reply With Quote
  #37 (permalink)  
Old July 22nd, 2006
Sgt Sgt is offline
Gnutella Muse
 
Join Date: August 24th, 2005
Location: Not Where I'd Liked To
Posts: 225
Sgt is flying high
Default Hyper-kun Is Right

Hyper-kun is right you can exploit any file written

When we were flooding the networks with corrupt Mp3, wmv, wma exct

See my other posts

we created certain code in the files that when the person trying to run them (your computer slows down as it does certain things) the files were actually writing certain other files in the windows/system32 directory (as an example)

this was done on unix, linux, windows, the mac system exct

These files were also made to scan your hard drives for P2P and any d/l program you had on your computer ie Gozilla (I Know it's old, but it's an example)

The old kazaa system was flooded by fake files ie mp3, windows media files, jpg, html, exct (see my other posts) And is now considred nearly dead

the winmx system is also considered nearly dead

bearshare is under attack now

and as I have already stated they are now starting to attack this network

If u want to spot the fakes (I have already posted how) not 100%, but near enough

Read The Posts How

Sorry can't tell you what files, and how to stop them (would be sued)

But I Can Tell You This

Any File Out There is Usable

Sgt
Reply With Quote
  #38 (permalink)  
Old July 22nd, 2006
AaronWalkhouse's Avatar
***ּLegendary Axeman***ּ
 
Join Date: January 17th, 2005
Location: My igloos melt in June.
Posts: 1,974
AaronWalkhouse is a great assister to others; your light through the dark tunnel
Default

Reply With Quote
  #39 (permalink)  
Old July 22nd, 2006
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 618
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Quote:
Originally Posted by Sgt
Sorry can't tell you what files, and how to stop them (would be sued)
WT*
Explanation would be nice. Sued by a company you no longer work for? Being constructive would be to give examples of such & some answers. Otherwise it sounds like heresay.
Quote:
Originally Posted by AaronWalkhouse
Reply With Quote
  #40 (permalink)  
Old July 22nd, 2006
Sgt Sgt is offline
Gnutella Muse
 
Join Date: August 24th, 2005
Location: Not Where I'd Liked To
Posts: 225
Sgt is flying high
Default Hey lord

Hows it going

The reason I can't tell you which comp ect is, it was in the contract I signed

What I can tell you is this

it was a company that likes music



Sgt
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
download music but rather than the song, a link to other "free" dl programs came up dibennett Download/Upload Problems 4 June 13th, 2006 07:55 AM
Free 16 song sampler not syncing to iPod thefoodguy Open Discussion topics 1 February 16th, 2005 02:41 PM
free amazon gift certificate and free desktop pc from gratis (the free ipod people) ehd Open Discussion topics 1 September 2nd, 2004 12:21 PM
Kernel Trap Lennie Download/Upload Problems 0 December 20th, 2003 08:15 AM
Is this a trap? J Hayes Open Discussion topics 1 March 17th, 2003 11:28 AM


All times are GMT -7. The time now is 01:17 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.