Snort mailing list archives

RE: Morpheous detection

From: Chip Kelly <Chip.Kelly () sas com>
Date: Thu, 7 Feb 2002 12:54:41 -0500

I've tried monitoring port 1214 and have not been able to correlate that traffic with known Morpheus installs. It seems 
to be a popular port for other "chatty" applications. I'll try adding "GET" as an additional qualifier. Also, 1214 is 
the default port for Morpheus, but it can be configured to use any port. -chip

-----Original Message-----
From: Jim Forster [mailto:jforster () rapidnet com]
Sent: Thursday, February 07, 2002 12:00 PM
To: vancleef () microunity com; Snort E-mail List
Subject: Re: [Snort-users] Morpheous detection

I'd just watch for "GET" coming in on TCP 1214...  Kazaa and Morpheus use the same engine..
This way you even get to see what their tastes in music are.  :)

---==On Thu, 7 Feb 2002 08:50:48 -0800 (PST), Bob Van Cleef wrote==---


In one report I saw this quote:
---------------------------------------------------------------------
-
Some might see this merely as a cautionary tale for Morpheus users:
when
sharing files, they should realize that they are opening up their
computer--if only a few files on it--to strangers. They must take
responsibility for what they are doing.

Unfortunately, the problem strikes more deeply than that. If the
compromised machine is part of an organization's network, that
machine
becomes a stepping-stone to compromising the entire network. This
feature
thus can endanger an entire network. Sysadmins must ensure that user
machines have the appropriate sharing safeguards. This may be
difficult
with systems that share everything as the default. In the long run,
it's
the compromised networks that pay the price for free music.
---------------------------------------------------------------------
-

Is there a signature that would alert me if someone was running
Morpheus or an equivalent program on one of our systems?

Bob



-------------------------------------------------------------------- 
Sleep: A completely inadequate substitute for caffeine.

Jim Forster, jforster () rapidnet com on 02/07/2002
Network Administrator
RapidNet, A Golden West Company

_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to 
this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users 
list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Morpheous detection Bob Van Cleef (Feb 07)
- Re: Morpheous detection Jim Forster (Feb 07)
- Re: Morpheous detection Chris Green (Feb 07)
- <Possible follow-ups>
- RE: Morpheous detection Chip Kelly (Feb 07)