[Snort-sigs] P2P Kazaa Traffic

Tony Lill ajlill at ...1531...
Thu Jul 10 14:25:30 EDT 2003


I think it just uses port 8080. When I was grabbing enemy terrtory, I
got a constant stream of "P2P Guntella Gets"
--
Tony Lill,                         Tony.Lill at ...1532...
President, A. J. Lill Consultants        fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2     (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"

>>>>> "Wes" == Wes Young <wyoung at ...1639...> writes:


    Wes> I haven't looked into bit torrent yet, only used it a few times, no packet captures.....even so, I don't think it authenticates, it just spams the file out on a certain port. It turns your comp into a p2p server, so all you need to do is look for incomming traffic on whatever port it uses.




More information about the Snort-sigs mailing list