Welcome to the MacNN Forums.


Network Gurus: "Sharing" Invites Spoof Attacks?
Shuh
Fresh-Faced Recruit
Join Date: Sep 2002
Location: Louisiana
Nov 1, 2002, 01:18 AM
 
If any of you use sharing programs (e.g. Morpheus, Kazaa, Acquisition, Napster, etc.), do you ever notice a good deal of non-existent IP addresses springing up in your routing table?

For those of you who don't know what a routing table is: here's a couple of ways to check yours:

1) Go into Terminal.app and type 'netstat -r' and watch the goodness, or
2) Start up /Applications/Utilities/Network Utility, click on the second tab ("Netstat") and then hit the radio button that says "Display Routing Table Information." Next you hit the throbbing blue 'Netstat' button.

Ideally, you should only see something like this (if you have a router and only 1 computer):

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc      100        2    en0
localhost          localhost          UH          7    25289    lo0
192.168.1          link#2             UC          0        0    en0
192.168.1.1        1:2:34:5a:b6:c7    UHLW      101      323    en0   1200
192.168.1.100      localhost          UHS         0       78    lo0

But when I use Acquisition, my routing table begins to be populated with some additional "phantom" IP addresses on my network:

192.168.1.3        link#2             UHLW        1        1    en0
192.168.1.102      link#2             UHLW        1        6    en0
192.168.1.104      link#2             UHLW        1        1    en0
192.168.1.105      link#2             UHLW        1        2    en0
192.168.1.111      link#2             UHLW        0        5    en0

Anyone here with a network background have any idea what is going on with this? Is Acquisition setting up these ghost IP addresses in order to connect to all the other "peers" or is this a hacking bot coming from a peer trying to spoof my network and gain some other sinister (more sinister than "sharing") access?
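
The routing-table check described in the post above, as an added example that is not part of the original thread: Python code that parses `netstat -r` text in the column layout shown and separates host entries whose Gateway column holds a hardware address from those that show only `link#N`. The sample text is constructed from the rows quoted in the post, the function names are hypothetical, and reading `link#N` on an `L`-flagged host route as "no hardware address resolved" is an assumption based on BSD netstat conventions.

```python
import re

# Constructed sample: the rows quoted in the post, in its column layout
# (Destination Gateway Flags Refs Use Netif [Expire]).
SAMPLE = """\
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 100 2 en0
localhost localhost UH 7 25289 lo0
192.168.1 link#2 UC 0 0 en0
192.168.1.1 1:2:34:5a:b6:c7 UHLW 101 323 en0 1200
192.168.1.100 localhost UHS 0 78 lo0
192.168.1.3 link#2 UHLW 1 1 en0
192.168.1.102 link#2 UHLW 1 6 en0
192.168.1.104 link#2 UHLW 1 1 en0
192.168.1.105 link#2 UHLW 1 2 en0
192.168.1.111 link#2 UHLW 0 5 en0
"""

MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")
LINK_RE = re.compile(r"^link#\d+$")

def parse_routes(text):
    """Return the IPv4 rows of a `netstat -r` dump as dicts."""
    rows, section = [], None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 1 and fields[0].endswith(":"):
            section = fields[0].rstrip(":")   # e.g. "Internet", "Internet6"
            continue
        if section != "Internet" or len(fields) < 6 or fields[0] == "Destination":
            continue                          # header, blank or non-IPv4 row
        rows.append({"destination": fields[0], "gateway": fields[1],
                     "flags": fields[2], "use": int(fields[4]),
                     "netif": fields[5]})
    return rows

def classify(route):
    """'resolved', 'unresolved' or 'other' for one parsed row."""
    # H = host route, L = link-layer (ARP) info, W = cloned from a network route
    if all(f in route["flags"] for f in "HLW"):
        if MAC_RE.match(route["gateway"]):
            return "resolved"
        if LINK_RE.match(route["gateway"]):   # assumption: no MAC learned yet
            return "unresolved"
    return "other"

def neighbors(text, state):
    """Destinations of all rows in the given classification state."""
    return [r["destination"] for r in parse_routes(text) if classify(r) == state]

if __name__ == "__main__":
    print("resolved  :", neighbors(SAMPLE, "resolved"))
    print("unresolved:", neighbors(SAMPLE, "unresolved"))
```

To run it against a live table, feed the output of `netstat -r` to `neighbors()` in place of `SAMPLE`; newer systems print different columns, so the field positions would need adjusting.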
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Nov 1, 2002, 10:54 AM
 
What's happening with Acquisition is indeed what you thought: it's looking for other peers on your local network, it just goes about it somewhat differently from other apps.

Now the difference between looking for peers and hacking is very gray. In the Windows world, the best way to guarantee you'll get a virus is to install a peer to peer application. While there aren't too many Mac viruses around, there are more every day, and opening your system for anyone in the universe to peruse through just invites the bad guys to mess with you.

Glenn -----OTR/L, MOT, Tx
     
ilukas
Junior Member
Join Date: Jul 2002
Location: Hang Loose, Hawaii
Nov 2, 2002, 02:15 AM
 
Originally posted by GHPorter:
While there aren't too many Mac viruses around, there are more every day...
really? can give some examples?
i just want to know what's going around, that's all.
Can I have that cookie?
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Nov 2, 2002, 03:32 PM
 
Indeed! Aside from the MS Office macro viruses, I haven't heard of any new Mac viruses in years. Every once in a while someone will catch an old one from an old disk, but that's really it!

tooki
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Nov 2, 2002, 07:00 PM
 
Of course tooki is right; there haven't been any really new Mac viruses in quite a while. However that doesn't mean the script kiddies and code tweakers aren't still busy.

Still, the primary threats remain the various holes in Microsoft's Office suite, and their macro capabilities, along with the more and more ingenious ways the bad guys come up with to get people to open their trash (and attachments) to deliver their viruses and trojan horses. And of course a "successful" macro writer can fool us into opening an infected email by making it look like it came from someone we know.

I call everyone's attention to last Sunday's Doonesbury comic for a good example of one of the many methods in use today. I'm kind of upset at the number of mailings I get suggesting that various parts of my anatomy (some of which I don't have!) need "enhancing," or that I need some chemical help for some personal function. Sheesh!

One more item, and I'll shut up. The biggest problem with peer to peer applications is that basically anyone with the same application can tiptoe through your files. The second biggest problem is that a huge number of users of this software use it to avoid PAYING FOR SOMETHING. It's the "something for nothing" angle that gives the baddies a hook to catch people with. People who create copyrighted materials deserve to be paid for them, just as the folks that create Macs deserve to be paid. 'Nuf said, I'm off my soapbox, you can go about your lives.

Glenn -----OTR/L, MOT, Tx
     
ilukas
Junior Member
Join Date: Jul 2002
Location: Hang Loose, Hawaii
Nov 3, 2002, 06:14 AM
 
whoa! i'm glad i don't use MS Office. i still use IE, though, so i know i'm in great danger.

as for the "something for nothing" problem, you are right. a lot of users of p2p apps use it to get things for free. i probably do it somewhat also, but mostly it filters content that i buy and introduces me to new things.

one example: sex and the city. had heard of it. never thought i'd like it. one day it shows up in my results. "hmm. it's free, so why not try it?" i downloaded that episode, loved it. downloaded 5 episodes since and like them all, so i've put the "Sex and the City: Season 1" DVD set in my amazon.com shopping cart and when xmas rolls around, i'm buying it.

i rarely bought CDs before Napster. i just have to know that i like what i'm buying! (control freak)
Can I have that cookie?
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Nov 3, 2002, 12:33 PM
 
Originally posted by ilukas:
whoa! i'm glad i don't use MS Office. i still use IE, though, so i know i'm in great danger.
Fortunately, MS is pretty careful about fixing holes that are found in its products, particularly IE. And it isn't "shoddy programming" that's to blame for most of these security problems. It's the fact that we've expanded the uses of the software so broadly and quickly that just about nothing we use has been written from the ground up, let alone written to be secure. Using existing code (which wasn't written with an eye to security) is much quicker and easier than starting from scratch.

Originally posted by ilukas:
i just have to know that i like what i'm buying! (control freak)
And that is the real beauty in file sharing. We used to be introduced to new materials when we visited friends with different tastes. Now we can experience whole new genres simply through curiosity - sort of like visiting really good record stores that would put a recording on for a customer to decide whether or not they liked it.

Thanks for being a great example.

Glenn -----OTR/L, MOT, Tx
     
   
 