[Snort-users] Gnutella

Bob Dehnhardt bob.dehnhardt at ...7168...
Thu Apr 3 11:21:02 EST 2003


I ended up turning off the Gnutella GET signature. It's simply looking for a
GET command on a port other than 80, which is far too general for me. I was
getting multiple alerts for web sites using Flash or Shockwave, as well as
from some internet radio sites. All false positives, but weeding through
them took time away from looking at more serious alerts.

I have no idea how to refine the signature, but as it stands, it's pretty
much useless.

 - Bob

Bob Dehnhardt
Network & Information Security Manager
TriNet
(775) 327-6407

 -----Original Message-----
From: 	Keg [mailto:snrtlst at ...2792...] 
Sent:	Thursday, April 03, 2003 10:07 AM
To:	Snort-users at lists.sourceforge.net
Subject:	[Snort-users] Gnutella

I have a P2P Gnutella GET alarm generated for some requests from mail 
servers to 11 addresses, to which it connects on port 25. It looks like 
legit traffic. Can anybody clarify what it has to do with Gnutella?
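
The false positives discussed in this thread can be reproduced with a small model of the matching logic. This is an added example, not part of either message and not the Snort rule itself: `broad_match` models the signature as described above (a GET on a port other than 80, with matching anywhere in the payload as an assumption), `narrow_match` assumes the Gnutella 0.4 download request form `GET /get/<index>/<filename>`, and all sample traffic is constructed.

```python
import re

# Constructed sample traffic: (label, destination port, client payload bytes).
SAMPLES = [
    ("flash on alt web port", 8080,
     b"GET /media/intro.swf HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("internet radio stream", 8000,
     b"GET /stream.mp3 HTTP/1.0\r\nUser-Agent: ExamplePlayer/1.0\r\n\r\n"),
    ("smtp message body", 25,
     b"DATA\r\nSubject: offer\r\n\r\nGET your free catalog today\r\n.\r\n"),
    ("gnutella file download", 6346,
     b"GET /get/1283/song.mp3/ HTTP/1.0\r\nUser-Agent: Gnutella\r\n\r\n"),
    ("ordinary web request", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]


def broad_match(port, payload):
    """Signature as described in the thread: a GET on any port other than 80.
    Matching the string anywhere in the payload is an assumption here."""
    return port != 80 and b"GET " in payload


# Assumed refinement: anchor on the Gnutella 0.4 download request line,
# "GET /get/<numeric file index>/<file name> HTTP/1.x", at payload start.
GNUTELLA_GET = re.compile(rb"^GET /get/\d+/[^\r\n]+ HTTP/1\.[01]\r\n")


def narrow_match(port, payload):
    """Alert only when the request line has the Gnutella download shape."""
    return port != 80 and GNUTELLA_GET.match(payload) is not None


def alerts(matcher):
    """Return the labels of the constructed samples that the matcher flags."""
    return [label for label, port, payload in SAMPLES if matcher(port, payload)]


if __name__ == "__main__":
    print("broad :", alerts(broad_match))
    print("narrow:", alerts(narrow_match))
```
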