File: 2587.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (61 lines) | stat: -rw-r--r-- 1,237 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Rule:

--
Sid:
2587

--
Summary:
This event is generated when activity by Peer-to-Peer (p2p) clients is detected.

--
Impact:
Informational event. Unauthorized use of a p2p client may be in progress.

--
Detailed Information:
This event indicates that use of a p2p client has been detected. 
This may be against corporate policy. p2p clients connect to other p2p 
clients to share files, commonly music and video files but can be configured 
to share any file on the local machine. In particular this event is
generated when the p2p client eDonkey is used.

This activity may not only use bandwidth but may also be used to transfer 
company confidential information to unauthorized hosts external to the 
protected network bypassing other security measures in place.

--
Affected Systems:
Any host using an eDonkey p2p client.

--
Attack Scenarios:
This is indicative of the use of a p2p client.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Check the host and uninstall any p2p client found.

--
Contributors:
Sourcefire Vulnerability Research Team
Alex Kirk <alex.kirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:


--