IDS mailing list archives
Snort bleeding edge alert: p2p kazaa - false positive?
From: musixfuture () yahoo com
Date: 4 May 2006 17:20:58 -0000
Hello, I keep seeing this alert, and when I look at the payload, I cant find what would trigger this alert in Snort. I'm assuming that it probably is spyware (could actually be p2p activity; although there is nothing in the payload, and only one occurrence usually). The alert is: BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity The port is originating from :5004 destination is:1888 (huh) ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Snort bleeding edge alert: p2p kazaa - false positive? musixfuture (May 04)