Quote:
|
is p2p still a security risk ?
|
A better set of questions to ask might be:
Security:
- How does aMule present my files and filesystem structures to the public? What metadata is made available along with the data? For instance, does it present gid/uid numbers? User names? What can be gleaned about my workstation and its configuration?
- What can I find out about this application's development history? Have there been security related bugs reported? If so, which components of the application were affected? How were the bugs managed by the developers?
Traffic patterns:
- What IP protocols are used? Most likely this will be TCP, UDP, or possibly both. Some applications may use other protocols (see /etc/protocols for examples).
- For TCP or UDP, what port numbers are used for destination (listening) services? What port numbers are used for outgoing transmissions?
- Are there Quality of Service or other IP flags used by this application's traffic? If so, how are they utilized?
Please note that questions like these are only the starting point. And, they are questions you should ask yourself, along with, "Where will I find the answer?"
As you dig, you may discover more questions to ask. And, you may like the answers, you may not. But they will help you make better decisions.
Your nearby Internet search engine may be able to provide you with some answers, for others, you may find yourself wanting to review the source code.
---
If it seems like I am advocating self-sufficiency; well, yes, I am. I also don't have any answers to these questions, because I have never used aMule. I know where to look, though, if I wanted to find out. I would start with Google.