Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NNTP and Yahoo IM conflict

From: mikeiscool <michaelslists () gmail com>
Date: Thu, 10 Aug 2006 16:16:55 +1000
On 8/10/06, NTR <ntr () intoto com> wrote:

Hi All,

I am trying analyze NNTP traffic and i have created a profile for NNTP
protocol.  It's a kind of NNTP protocol anomaly detection.
I have also observed some time Yahoo Instant Messenger uses NNTP
port.  Though it is using NNTP port the format is quite different
from NNTP protocol.  It is the point where my parsing engine facing
problem.  Each time whenever yahoo connects on NNTP port
my parsing engine treats it as NNTP protocol anomaly and start generating
alerts.  I am looking for some advise or solution to solve
this problem.  how we should profile NNTP protocol so that it can
differentiate yahoo traffic from the genuine NNTP traffic.

Thanks and anticipating early solutions.


I guess this would be a start:

ftp://ftp.rfc-editor.org/in-notes/rfc977.txt



Thanks and Regards,
NTR


-- mic

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: