Snort mailing list archives

RE: Gnutella


From: Bob Dehnhardt <bob.dehnhardt () trinet com>
Date: Thu, 3 Apr 2003 11:16:17 -0800

I ended up turning off the Gnutella GET signature. It's simply looking for a
GET command on a port other than 80, which is far too general for me. I was
getting multiple alerts for web sites using Flash or Shockwave, as well as
from some internet radio sites. All false positives, but weeding through
them took time away from looking at more serious alerts.

I have no idea how to refine the signature, but as it stands, it's pretty
much useless.

 - Bob

Bob Dehnhardt
Network & Information Security Manager
TriNet
(775) 327-6407

 -----Original Message-----
From:   Keg [mailto:snrtlst () netscape net] 
Sent:   Thursday, April 03, 2003 10:07 AM
To:     Snort-users () lists sourceforge net
Subject:        [Snort-users] Gnutella

I have a P2P Gnutella GET alarm generated for some requests from mail 
servers to 11 addresses, to which it connects on port 25. It looks like 
legit traffic. Can anybody clarify what it has to do with Gnutella?
-- 
Your favorite stores, helpful shopping tools and great gift ideas. 
Experience the convenience of buying online with Shop@Netscape! 
http://shopnow.netscape.com/



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
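
Added example, not part of either post and not the Snort rule itself: a Python model of the check as the reply describes it (a GET on any port other than 80), run over constructed requests next to a narrower check. The narrower pattern assumes the Gnutella 0.4 download form `GET /get/<index>/<name>`; the function names, sample payloads and ports are assumptions made for the illustration.

```python
import re

# Broad check, modelled on the description in the reply: a payload that
# starts with "GET " on any destination port other than 80.
def broad_match(dst_port: int, payload: bytes) -> bool:
    return dst_port != 80 and payload.startswith(b"GET ")

# Narrower check (assumption): Gnutella 0.4 downloads request
# "/get/<file index>/<file name>", so require that path shape too.
GNUTELLA_GET = re.compile(rb"^GET /get/\d+/[^\r\n]+ HTTP/1\.[01]\r\n")

def narrow_match(dst_port: int, payload: bytes) -> bool:
    return dst_port != 80 and GNUTELLA_GET.match(payload) is not None

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("flash on alt port", 8080,
     b"GET /media/intro.swf HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("internet radio", 8000,
     b"GET /stream HTTP/1.0\r\nUser-Agent: player\r\n\r\n"),
    ("gnutella download", 6346,
     b"GET /get/1234/song.mp3/ HTTP/1.0\r\nConnection: Keep-Alive\r\n"
     b"Range: bytes=0-\r\nUser-Agent: Gnutella\r\n\r\n"),
    ("plain web", 80,
     b"GET /index.html HTTP/1.0\r\n\r\n"),
]

def evaluate(samples=SAMPLES):
    """Return {sample name: (broad result, narrow result)}."""
    return {name: (broad_match(port, data), narrow_match(port, data))
            for name, port, data in samples}

if __name__ == "__main__":
    for name, (broad, narrow) in evaluate().items():
        print(f"{name:20} broad={broad!s:5} narrow={narrow}")
```

The narrower check drops the Flash and radio hits but would miss a client that requests files in any other form, and it would still fire on an ordinary web server off port 80 that happens to use `/get/<number>/...` URLs.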

