File: 2181.txt

snort 2.7.0-20.4
Rule:  

--
Sid:

2181

--
Summary:
This event is generated when a BitTorrent client transfers data with 
another BitTorrent peer.

--
Impact:

Possible violation of policy and abuse of network resources.

--
Detailed Information:
BitTorrent is a peer-to-peer application used for simultaneous downloads
of large files.  BitTorrent is designed to allow multiple peers to 
download large files simultaneously without using extraneous bandwidth 
from a centralized server.

BitTorrent peers connect to other peers for file transfer.  This rule 
looks for the BitTorrent protocol header on the default BitTorrent 
ports.

--
Attack Scenarios:
A user downloads a BitTorrent client and attempts to download files 
from a BitTorrent network.

--
Ease of Attack:

Unix, Windows, and MacOS clients are publicly available for BitTorrent.

--
False Positives:

None Known.

--
False Negatives:

The protocol name is hard coded in BitTorrent to "BitTorrent protocol".
If the protocol name were changed in the clients and tracker, then this
rule would not generate an event.

The minimum and maximum ports for BitTorrent clients to listen on are 
hard coded in the clients.  If the minimum and maximum ports were 
changed in the clients, then this rule would not generate an event.
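
The two false negatives above, as an added Python example that is not part of the original Snort documentation and is not the rule itself: it parses the peer handshake and reports why a port-and-name match would miss. The port range 6881-6889 is an assumption (the classic client defaults, not stated on this page), the handshake layout follows the protocol specification referenced below, and all function names and sample payloads are constructed.

```python
from typing import NamedTuple, Optional

# Handshake layout from the BitTorrent protocol specification:
# <pstrlen=19><pstr><reserved: 8 bytes><info_hash: 20 bytes><peer_id: 20 bytes>
PSTR = b"BitTorrent protocol"
DEFAULT_PORTS = range(6881, 6890)  # assumption: 6881-6889, the classic client defaults

class Handshake(NamedTuple):
    pstr: bytes
    info_hash: bytes
    peer_id: bytes

def parse_handshake(payload: bytes) -> Optional[Handshake]:
    """Parse the first bytes of a TCP stream as a peer handshake, whatever its name."""
    if not payload or payload[0] == 0:
        return None
    n = payload[0]                      # length prefix of the protocol name
    end = 1 + n + 8 + 20 + 20
    if len(payload) < end:
        return None
    body = payload[1 + n + 8:end]       # skip the 8 reserved bytes
    return Handshake(payload[1:1 + n], body[:20], body[20:])

def classify(payload: bytes, dport: int) -> str:
    """Mirror the documented logic and name the reason for each miss."""
    hs = parse_handshake(payload)
    if hs is None:
        return "no handshake"
    if hs.pstr != PSTR:
        return "miss: protocol name changed"
    if dport not in DEFAULT_PORTS:
        return "miss: non-default port"
    return "alert"

def build(pstr: bytes = PSTR) -> bytes:
    """Constructed sample handshake with a fake info_hash and peer_id."""
    return bytes([len(pstr)]) + pstr + bytes(8) + b"\xaa" * 20 + b"-XX0001-" + b"0" * 12

SAMPLES = [  # constructed (label, payload, destination port) tuples
    ("default", build(), 6881),
    ("moved port", build(), 51413),
    ("renamed", build(b"NotTorrent protocol"), 6881),
    ("http", b"GET / HTTP/1.1\r\n\r\n", 6881),
]

if __name__ == "__main__":
    for label, payload, dport in SAMPLES:
        print(f"{label:12} {classify(payload, dport)}")
```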

--
Corrective Action:

If this is a violation of network policy, take appropriate steps to 
prevent further violations.

--
Contributors:

Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>

-- 
Additional References:

BitTorrent Protocol Specification
http://bitconjurer.org/BitTorrent/protocol.html

Wikipedia
http://en.wikipedia.org/wiki/BitTorrent

--