Snort mailing list archives
RE: Gnutella
From: Bob Dehnhardt <bob.dehnhardt () trinet com>
Date: Thu, 3 Apr 2003 11:16:17 -0800
I ended up turning off the Gnutella GET signature. It's simply looking for a GET command on a port other than 80, which is far too general for me. I was getting multiple alerts for web sites using Flash or Shockwave, as well as from some internet radio sites. All false positives, but weeding through them took time away from looking at more serious alerts.

I have no idea how to refine the signature, but as it stands, it's pretty much useless.

- Bob

Bob Dehnhardt
Network & Information Security Manager
TriNet
(775) 327-6407

-----Original Message-----
From: Keg [mailto:snrtlst () netscape net]
Sent: Thursday, April 03, 2003 10:07 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Gnutella

I have a P2P Gnutella GET alarm generated for some requests from mail servers to 11 addresses, to which it connects on port 25. It looks like legit traffic. Can anybody clarify what it has to do with Gnutella?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
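
The false-positive problem described in this message, as an added example that is not part of the original thread and not a Snort rule: it models the broad check as the post describes it (a GET on any port other than 80) next to one possible narrower check. The narrower pattern assumes Gnutella download requests use the `/get/<index>/<name>` or `/uri-res/N2R?` path forms; all payloads, ports and hostnames are constructed samples.

```python
import re

# Broad check, as described in the post: a GET command on a port other than 80.
def broad_get_match(dst_port: int, payload: bytes) -> bool:
    return dst_port != 80 and payload.startswith(b"GET ")

# Narrower check (assumption, not taken from the Snort ruleset): also require a
# Gnutella-style download path after the GET before raising an alert.
GNUTELLA_PATH = re.compile(
    rb"^GET /(?:get/\d+/[^\r\n]+|uri-res/N2R\?[^\r\n]+) HTTP/1\.[01]\r\n"
)

def narrow_gnutella_match(dst_port: int, payload: bytes) -> bool:
    return dst_port != 80 and GNUTELLA_PATH.match(payload) is not None

# Constructed samples: (label, destination port, first payload bytes, is_gnutella).
SAMPLES = [
    ("flash movie on alternate HTTP port", 8080,
     b"GET /media/intro.swf HTTP/1.1\r\nHost: www.example.com\r\n\r\n", False),
    ("internet radio stream", 8000,
     b"GET /stream HTTP/1.0\r\nUser-Agent: player\r\n\r\n", False),
    ("gnutella download by file index", 6346,
     b"GET /get/2468/track 01.mp3 HTTP/1.0\r\nRange: bytes=0-\r\n\r\n", True),
    ("gnutella download by urn", 6346,
     b"GET /uri-res/N2R?urn:sha1:CONSTRUCTEDPLACEHOLDER HTTP/1.1\r\n\r\n", True),
    ("ordinary web request", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n", False),
]

def evaluate(matcher):
    """Return (true_positives, false_positives, false_negatives) over SAMPLES."""
    tp = fp = fn = 0
    for _label, port, payload, is_gnutella in SAMPLES:
        hit = matcher(port, payload)
        if hit and is_gnutella:
            tp += 1
        elif hit:
            fp += 1
        elif is_gnutella:
            fn += 1
    return tp, fp, fn

if __name__ == "__main__":
    for name, matcher in (("broad", broad_get_match),
                          ("narrow", narrow_gnutella_match)):
        print(name, "tp/fp/fn =", evaluate(matcher))
```

The narrower pattern trades coverage for precision: a client that requests files through a path form not listed here would go unalerted.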
Current thread:
- Gnutella Keg (Apr 03)
- Re: Gnutella Matt Kettler (Apr 03)
- <Possible follow-ups>
- RE: Gnutella Bob Dehnhardt (Apr 03)