Snort mailing list archives
RE: P2P GUNTella GET?
From: Gary Danko <GDanko () proflowers com>
Date: Tue, 5 Aug 2003 10:04:55 -0700
I get a lot of these too. Mine are mostly false positives. I have modified the rule to exlcude the servers that are sending false pos. -----Original Message----- From: Stevo [mailto:checkpoint () ozbergs com] Sent: Tuesday, August 05, 2003 9:45 AM To: snort-users () lists sourceforge net Subject: [Snort-users] P2P GUNTella GET? Hey Snort Gurus, I'm getting a bunch of these P2P GUNTella GET events in ACID which is cool, but the source address is always my Exchange Server (x.x.x.15) and the destination is always the same (198.116.65.48 port 25)... what is causing this?? Is this something I should be worries about??? Below is the event from Acid: #15-(1-16307) [snort] P2P GNUTella GET 2003-08-05 08:31:52 x.x.x.15:37897 198.116.65.48:25 TCP Thanks Stevo ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- P2P GUNTella GET? Stevo (Aug 05)
- <Possible follow-ups>
- RE: P2P GUNTella GET? Gary Danko (Aug 05)
- Re: P2P GUNTella GET? Stevo (Aug 05)
- Re: P2P GUNTella GET? Stevo (Aug 05)
- Re: P2P GUNTella GET? Erek Adams (Aug 06)
- RE: P2P GUNTella GET? Gary Danko (Aug 05)
- P2P GUNTella GET? Steve Berg (Aug 05)