[Snort-sigs] RE: Signature Definition #1432 , 18 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 10:43:05 EDT 2003


 Rule: -- P2P GNUTella GET 
 Sid: -- 1432  
 Summary: -- This string detects Connections from GNUTella clients to "get"
files from the GNUTella network
 Impact: -- Utilization of Bandwidth
 Detailed Information: -- This can show outbound connections to the GNUTella
network to download files from clients.  Peer 2 Peer programs shouldn't be
allowed in your work network.
 Affected Systems: -- Any OS that has a GNUTella client installed
 Attack Scenarios: -- Slim to Extreme
 Ease of Attack: -- Moderate
 False Positives: -- Outbound web traffic going to non-standard web ports.  
 False Negatives: -- Unknown
 Corrective Action: -- Locate and Uninstall all unauthroized GNUTella
clients on the network.
 Contributors: -- Joel Esler
 Additional References: 

 




More information about the Snort-sigs mailing list