Foxy

(CVE-2008-6742)

Foxy is a popular peer-to-peer file sharing application, widely used in Hong Kong, Mainland China, and Taiwan. Not only does it slow network traffic and lower employee productivity, it also can present a serious security risk.

Unlike other peer to peer software, Foxy is very easy to use and has unlimited download capabilities. Foxy uses distributed topology, which means that the Foxy network does not rely on a tracker server to store file sharing information. Instead, the information is distributed among thousands of Foxy peers. This may result in a larger exposure of the shared files compared to other peer to peer file sharing networks. The distributed topology also makes the revocation of a shared file in the Foxy network technically unfeasible. If some sensitive information has been shared over the Foxy network, it is technically impossible to stop it from further spreading.

Peer to peer Internet traffic, such as Foxy, slows critical business applications on corporate networks. It lowers employee productivity as they take time away from their work to download music and videos. This sort of traffic also significantly increases a company’s Internet communication costs and requires them to purchase additional bandwidth.

The Check Point IPS Software Blade is able to detect peer to peer traffic regardless of the TCP port that is being used to initiate the peer to peer session.  For more information, see SBP-2009-20.

The Check Point IPS Software Blade has a variety of application controls that can be used to block applications that may violate company policy, such as instant messengers or peer to peer software.