Snort mailing list archives
RE: P2P GNUTella GET
From: "Dave Thornburgh" <dthorn () myrealbox com>
Date: Mon, 10 Mar 2003 09:45:12 -0800
-----Original Message-----
Sent: Saturday, March 08, 2003 4:51 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] P2P GNUTella GET

hi

I'm being troubled by this alert, it's from indiatimes.com and is flooding my database.

alert signature: P2P GNUTella GET
source=192.168.0.4:2109
dest=203.199.70.225:8080

I'm a little confused by Ken and Erek's responses. I thought that this rule is triggered by Gnutella traffic FROM Bishan's network TO an external host. In that case, the rule is to alert him that one of his users is attempting to run Gnutella.

If I'm reading that right, then what would be the point of blinding the rule to 8080 traffic? At that point, he may as well just comment out the rule altogether.

Am I reading this whole thing wrong?

Dave

Current thread:
- P2P GNUTella GET Always Bishan (Mar 08)
- Re: P2P GNUTella GET Erek Adams (Mar 08)
- Re: P2P GNUTella GET Kenneth G. Arnold (Mar 08)
- RE: P2P GNUTella GET Dave Thornburgh (Mar 10)
- RE: P2P GNUTella GET Erek Adams (Mar 10)
- RE: P2P GNUTella GET Always Bishan (Mar 10)