[Dshield] [OT] Naughty File Detector

John Hardin johnh at aproposretail.com
Thu Oct 2 16:00:54 GMT 2003


On Thu, 2003-10-02 at 05:31, DAN MORRILL wrote:
> Port 0 traffic (SetUID 0 or otherwise) have noticed that Shareaza (which I 
> do use) will get me port 0 traffic because of the port hopping. Probably 
> something unbound in their port designation. You can also tab on the 
> standard P2P ports to get a tip off, if they are just being turned on, then 
> they usually default to their standard port.

Yup.

If you want to take a step towards earning your BOFH spurs, set up a
monitor on the firewall to automatically completely block all traffic
from the host that sends an outbound packet to the default P2P port
number, and alert you via email.

"Hello, help desk"

"My web browsing stopped working"

"Let me check my logs... hmm... running KaZaa, are we?"

"Uh..."

--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
-----------------------------------------------------------------------
 34 days until Matrix Revolutions
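
The monitor suggested in the message above, sketched as an added example (not code from the original post or its author): it scans netfilter-style firewall log lines for outbound packets to default P2P ports, then builds the block rules and the alert email without executing or sending anything. The port list, LAN range, log format, addresses and function names are assumptions.

```python
import ipaddress
import re
from email.message import EmailMessage

# Assumed defaults (not listed in the post): KaZaA 1214, Gnutella 6346, eDonkey 4662.
P2P_PORTS = {1214: "KaZaA/FastTrack", 6346: "Gnutella", 4662: "eDonkey"}
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumed LAN range
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Oct  2 09:01:12 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=3312 DPT=1214 SYN
Oct  2 09:01:13 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP SPT=3320 DPT=80 SYN
Oct  2 09:01:15 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.50 DST=192.168.1.40 PROTO=TCP SPT=4000 DPT=6346 SYN
Oct  2 09:01:19 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.20 PROTO=UDP SPT=6346 DPT=6346
Oct  2 09:01:20 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=3313 DPT=1214 SYN
"""

def find_offenders(log_text):
    """Map internal source IP -> P2P network of its first matching packet."""
    offenders = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            dport = int(f["DPT"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or malformed
        # Outbound only: source inside the LAN, destination outside it.
        if src in INTERNAL_NET and dst not in INTERNAL_NET and dport in P2P_PORTS:
            offenders.setdefault(str(src), P2P_PORTS[dport])
    return offenders

def block_rules(offenders):
    """iptables commands (returned, not executed) dropping all forwarded traffic."""
    return [f"iptables -I FORWARD -s {ip} -j DROP" for ip in sorted(offenders)]

def alert(offenders, to="admin@example.com"):
    """Build (but do not send) the notification email."""
    msg = EmailMessage()
    msg["Subject"] = f"P2P block: {len(offenders)} host(s)"
    msg["From"], msg["To"] = "firewall@example.com", to
    msg.set_content("\n".join(f"{ip} blocked ({net} default port)"
                              for ip, net in sorted(offenders.items())))
    return msg

if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG)
    print("\n".join(block_rules(hits)), alert(hits), sep="\n\n")
```

The inbound connection to port 6346 in the third sample line is ignored, since only packets leaving the LAN count as evidence that an internal host is running a P2P client.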



