[Snort-users] Is anyone using 'react' to block the use of Gnu tella?
svieth at ...6966...
Wed Sep 25 08:25:06 EDT 2002
Thanks for the tip. I'll look inside the packets before I go any further to
make sure it's really P2P traffic. However, one of the Snort signatures
that is firing is looking for "GNUTELLA CONNECT" in the traffic. That's a
pretty clear sign that someone is running a P2P application....
From: Frederick Garbrecht [mailto:fgarbrecht at ...4638...]
Sent: Tuesday, September 24, 2002 6:58 PM
To: Vieth, Scott; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Is anyone using 'react' to block the use of
Perhaps this doesn't apply, but have you checked the actual packet content
to be sure that the triggering traffic is really Gnutella? I was seeing
alot of these alerts also, but upon looking at the packets it turned out
that one of our users was connecting to some web-based external mail server
which was triggering alerts.
----- Original Message -----
From: "Vieth, Scott" <svieth at ...6966...>
To: <snort-users at lists.sourceforge.net>
Sent: Monday, September 23, 2002 3:38 PM
Subject: [Snort-users] Is anyone using 'react' to block the use of Gnutella?
> Snort is telling me that we have folks using Gnutella to send/receive
> from other Gnutella users on the Internet. I've blocked all the 'easy'
> ports on the firewall to stop P2P file sharing. But the P2P protocols are
> still getting through. I think they are getting more "firewall-smart".
> Since Snort can 'see' the folks who are running Gnutella, could I use
> 'react' to block/disrupt/close those connections?
> Just wondering....
> -Scott Vieth
> Medical College of Wisconsin
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users