[Snort-sigs] Signature Definition #556, 9 of 20
Esler, Joel Contractor
EslerJ at ...785...
Mon Jun 9 05:54:14 EDT 2003
Rule: -- P2P Outbound GNUTella client request
Sid: -- 556
Summary: -- This string detects a Gnutella client initiating contact with
the Gnutella servers as a node.
Impact: -- Unauthorized peer-to-peer sharing client installed and attempting
to connect on your network.
Detailed Information: -- GNUTella, a popular P2P sharing program, shares
anything from a folder that a user wanted to share on the GNUTella network
to a whole drive. The signature detects an outbound attempt to connect from
Affected Systems: -- Any that have the software installed
Attack Scenarios: -- Slim to Dangerous
Ease of Attack: -- Easy if installed
False Positives: -- If the string "GNUTELLA CONNECT" is detected at depth
40 outbound, it could be a false positive.
False Negatives: -- Unknown
Corrective Action: -- Find and remove GNUTella or any of its like-clients
on your network
Contributors: -- Joel Esler
Additional References: www.gnutella.com
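
The false-positive case described above, as an added example that is not part of the original post or of the Snort rule set: a Python emulation of a content match on "GNUTELLA CONNECT" limited to a depth of 40 bytes, plus a triage check that separates a client handshake from text that merely contains the string. The function names and sample payloads are constructed for illustration, and the handshake line format `GNUTELLA CONNECT/<version>` is an assumption about the protocol that the post does not state.

```python
import re

PATTERN = b"GNUTELLA CONNECT"   # string named in the write-up
DEPTH = 40                      # depth named in the write-up

# Assumption (not from the post): a client handshake starts the payload
# with "GNUTELLA CONNECT/<major>.<minor>" followed by a line ending.
HANDSHAKE = re.compile(rb"GNUTELLA CONNECT/\d+\.\d+\r?\n")


def matches_sid_556(payload: bytes) -> bool:
    """Emulate the content match: the whole pattern must lie inside the
    first DEPTH bytes of the outbound payload."""
    return PATTERN in payload[:DEPTH]


def is_handshake(payload: bytes) -> bool:
    """Stricter check for triage: pattern at offset 0 with a version."""
    return HANDSHAKE.match(payload) is not None


def triage(payload: bytes) -> str:
    """Classify an outbound payload the way an analyst would sort alerts."""
    if not matches_sid_556(payload):
        return "no-alert"
    return "alert-handshake" if is_handshake(payload) else "alert-review"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "handshake_0_6": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: ExampleClient/1.0\r\n\r\n",
    "handshake_0_4": b"GNUTELLA CONNECT/0.4\n\n",
    # The string appears inside unrelated text within the first 40 bytes:
    # the signature fires, but this is not a client connecting.
    "chat_mention": b"PRIVMSG #net :saw GNUTELLA CONNECT in logs\r\n",
    # The pattern starts at byte 30 and straddles the depth boundary,
    # so the depth-limited match does not fire.
    "past_depth": b"X" * 30 + b"GNUTELLA CONNECT/0.6\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:14} {triage(payload)}")
```

Alerts classified as `alert-review` are the candidates for the false positive the write-up describes.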