Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2181 |
Message | P2P BitTorrent transfer |
Summary | This event is generated when a BitTorrent client transfers data with another BitTorrent peer. |
Impact | Possible violation of policy and abuse of network resources. |
Detailed Information | BitTorrent is a peer-to-peer application used for simultaneous downloads of large files. BitTorrent is designed to allow multiple peers to download large files simultaneously without using extraneous bandwidth from a centralized server. BitTorrent peers connect to other peers for file transfer. This rule looks for the BitTorrent protocol header on the default BitTorrent ports. |
Affected Systems | |
Attack Scenarios | A user downloaded a BitTorrent client and attempts to download files from a BitTorrent network. |
Ease of Attack | Unix, Windows, and MacOS clients are publicly available for BitTorrent. |
Corrective Action | If this is a violation of network policy, take appropriate steps to prevent further violations. |
Additional References | Bittorrent Protocol Specification http://bitconjurer.org/BitTorrent/protocol.html Wikipedia http://en.wikipedia.org/wiki/BitTorrent |
--
DID:883169
--
http://www.aanval.com/