Snort mailing list archives
RE: Is anyone using 'react' to block the use of Gnu tella?
From: "Vieth, Scott" <svieth () mail mcw edu>
Date: Wed, 25 Sep 2002 10:23:35 -0500
Thanks for the tip. I'll look inside the packets before I go any further to make sure it's really P2P traffic. However, one of the Snort signatures that is firing is looking for "GNUTELLA CONNECT" in the traffic. That's a pretty clear sign that someone is running a P2P application.... Thanks, -Scott :^) -----Original Message----- From: Frederick Garbrecht [mailto:fgarbrecht () ecogchair org] Sent: Tuesday, September 24, 2002 6:58 PM To: Vieth, Scott; snort-users () lists sourceforge net Subject: Re: [Snort-users] Is anyone using 'react' to block the use of Gnutella? Hi Scott Perhaps this doesn't apply, but have you checked the actual packet content to be sure that the triggering traffic is really Gnutella? I was seeing alot of these alerts also, but upon looking at the packets it turned out that one of our users was connecting to some web-based external mail server which was triggering alerts. Fred ----- Original Message ----- From: "Vieth, Scott" <svieth () mail mcw edu> To: <snort-users () lists sourceforge net> Sent: Monday, September 23, 2002 3:38 PM Subject: [Snort-users] Is anyone using 'react' to block the use of Gnutella?
Hi: Snort is telling me that we have folks using Gnutella to send/receive
files
from other Gnutella users on the Internet. I've blocked all the 'easy'
TCP
ports on the firewall to stop P2P file sharing. But the P2P protocols are still getting through. I think they are getting more "firewall-smart". Since Snort can 'see' the folks who are running Gnutella, could I use 'react' to block/disrupt/close those connections? Just wondering.... Thanks, -Scott Vieth Medical College of Wisconsin ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Is anyone using 'react' to block the use of Gnu tella? Vieth, Scott (Sep 25)
- Scans detected for /admini and /admini/ R P G (Sep 25)