Full Disclosure mailing list archives
Re: NNTP and Yahoo IM conflict
From: mikeiscool <michaelslists () gmail com>
Date: Thu, 10 Aug 2006 16:16:55 +1000
On 8/10/06, NTR <ntr () intoto com> wrote:
Hi All, I am trying to analyze NNTP traffic and I have created a profile for the NNTP protocol. It's a kind of NNTP protocol anomaly detection. I have also observed that sometimes Yahoo Instant Messenger uses the NNTP port. Though it is using the NNTP port, the format is quite different from the NNTP protocol. This is the point where my parsing engine is facing a problem. Each time Yahoo connects on the NNTP port, my parsing engine treats it as an NNTP protocol anomaly and starts generating alerts. I am looking for some advice or a solution to solve this problem. How should we profile the NNTP protocol so that it can differentiate Yahoo traffic from genuine NNTP traffic? Thanks and anticipating early solutions.
I guess this would be a start: ftp://ftp.rfc-editor.org/in-notes/rfc977.txt
Thanks and Regards, NTR
-- mic
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
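One way to approach the problem raised in this thread, as an added example that is not code from either poster: label the first payload of each TCP/119 flow before the NNTP anomaly profile runs, so that non-NNTP traffic is reported as a different protocol rather than as an NNTP anomaly. The command set, status-line shape and 512-byte line limit come from RFC 977; the "YMSG" packet magic is an assumption about the Yahoo Messenger wire format that the thread does not state, and the function name and sample payloads are constructed for illustration.

```python
import re

# Commands defined in RFC 977 (the specification linked in the reply).
RFC977_COMMANDS = {
    b"ARTICLE", b"BODY", b"GROUP", b"HEAD", b"HELP", b"IHAVE", b"LAST",
    b"LIST", b"NEWGROUPS", b"NEWNEWS", b"NEXT", b"POST", b"QUIT",
    b"SLAVE", b"STAT",
}
# RFC 977 status line: three digits (first digit 1-5), optional text, CRLF.
STATUS_LINE = re.compile(rb"^[1-5][0-9]{2}( [^\r\n]*)?\r\n$")
# Assumption (not from the thread): Yahoo Messenger packets start with "YMSG".
YMSG_MAGIC = b"YMSG"
MAX_LINE = 512  # RFC 977 limit for a command line, CR-LF included


def classify_first_payload(payload: bytes, from_server: bool) -> str:
    """Return 'nntp', 'ymsg', 'unknown' or 'incomplete' for a flow's first bytes."""
    if payload.startswith(YMSG_MAGIC):
        return "ymsg"
    line, sep, _ = payload[:MAX_LINE].partition(b"\n")
    # NNTP commands and status lines are ASCII text; binary bytes rule it out.
    if any(b > 0x7E or (b < 0x20 and b not in b"\t\r") for b in line):
        return "unknown"
    if not sep:
        # No line terminator yet: wait for more data unless the limit is hit.
        return "incomplete" if len(payload) < MAX_LINE else "unknown"
    line += sep
    if from_server:
        return "nntp" if STATUS_LINE.match(line) else "unknown"
    words = line.split()
    if line.endswith(b"\r\n") and words and words[0].upper() in RFC977_COMMANDS:
        return "nntp"
    return "unknown"


# Constructed sample payloads (not captured traffic): (bytes, sent by server?)
SAMPLES = [
    (b"200 news.example.org NNTP server ready\r\n", True),
    (b"GROUP comp.security.misc\r\n", False),
    (b"YMSG" + bytes(16), False),          # magic plus zeroed header fields
    (b"\x16\x03\x01\x00\x2e", False),      # binary data from some other protocol
]

if __name__ == "__main__":
    for data, from_server in SAMPLES:
        print(classify_first_payload(data, from_server), data[:24])
```

Only flows labelled `nntp` would then be handed to the NNTP anomaly profile; `ymsg` and `unknown` flows on port 119 can be logged as protocol mismatches on their own.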