[Snort-sigs] Signature Definition #556, 9 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 05:54:14 EDT 2003

 Rule: -- P2P Outbound GNUTella client request 
 Sid: -- 556 
 Summary: -- This string detects a Gnutella client initiating contact with
the Gnutella servers as a node.
 Impact: -- Unauthorized Peer 2 Peer sharing client installed and attempting
to connect on your network.
 Detailed Information: -- GNUTella, a popular P2P sharing program, shares
anything from a folder that a user wanted to share on the GNUTella network
to a whole drive.  The signature detects an outbound attempt to connect from
your network.
 Affected Systems: -- Any that have the software installed
 Attack Scenarios: -- Slim to Dangerous
 Ease of Attack: -- Easy if installed
 False Positives: -- If the string "GNUTELLA CONNECT" is detected at depth
40 outbound it could be a false positive.
 False Negatives: -- Unknown
 Corrective Action: -- Find and remove GNUTella or any of its like-clients
on your network.
 Contributors: -- Joel Esler
 Additional References: www.gnutella.com
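
The depth-limited match described under False Positives can be emulated offline to see which outbound payloads would fire and which hits deserve a second look. This is an added example, not part of the original post and not Snort's own code; it assumes a case-sensitive match on "GNUTELLA CONNECT" within the first 40 payload bytes, and the function names and sample payloads are constructed for illustration.

```python
# Added example: emulates a depth-limited content match for triage purposes.
PATTERN = b"GNUTELLA CONNECT"  # string named in the False Positives field
DEPTH = 40                     # depth named in the False Positives field


def depth_match(payload: bytes, pattern: bytes = PATTERN, depth: int = DEPTH) -> bool:
    """True if the whole pattern lies within the first `depth` payload bytes."""
    return pattern in payload[:depth]


def classify(payload: bytes) -> str:
    """Triage one outbound TCP payload.

    'handshake' : payload starts with the connect string followed by '/',
                  as in the Gnutella handshake line "GNUTELLA CONNECT/0.6"
    'embedded'  : string is inside the depth window but not at offset 0,
                  so the signature fires on what may be a false positive
    'no-match'  : the signature would not fire
    """
    if not depth_match(payload):
        return "no-match"
    if payload.startswith(PATTERN + b"/"):
        return "handshake"
    return "embedded"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "client connect": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: ExampleClient/1.0\r\n\r\n",
    "mail header": b"Subject: GNUTELLA CONNECT string in logs\r\n",
    "late in body": b"POST /search HTTP/1.1\r\nHost: example.test\r\n\r\nq=GNUTELLA CONNECT",
    "ends at byte 40": b"x" * 24 + PATTERN,
    "ends at byte 41": b"x" * 25 + PATTERN,
}


def triage(samples: dict) -> dict:
    """Map each sample name to its classification."""
    return {name: classify(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:16} {verdict}")
```
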