iTunes Shared Music hole
p2p news / p2pnet: Fake iTunes Shared Music entries can be created by spoofing domain/list names and IP addresses inside an mDNS packet used to broadcast existing lists, says Airscanner Mobile Security Advisory #05101001.
“This spoofing attack can be scripted to post numerous entries to specific or all iTunes users on a network (flooding),” says Seth Fogie, going on:
“By repeated excessive posting of Shared Music Entries, we were able to create a major system load on systems using iTunes.”
Fogie says the DoS risk is low (“Shared Music anonymous forced disconnect”) and list abuse attacks are merely annoying to iTunes users.
But, “Shared Music lists from various users can be renamed and swapped, thus creating an environment in which you can’t be sure to whom you are connecting.”
See:-
Airscanner – iTunes 6.0 Shared Music Denial of Service/Spoofing/Flooding/Abuse, October 10, 2005




