[Dshield] I should recognize this, but...

James C Slora Jr Jim.Slora at phra.com
Wed Apr 28 13:16:56 GMT 2004


 
On Tue, 27 Apr 2004 13:09:09 -0700 Josh Tolley wrote:

> I think I should probably recognize this traffic, but I 
> don't. Anyone know what it is from? Snort says it's p2p 
> traffic, and I'm willing to believe it, but I'm looking for 
> specifics on the client, if it really is p2p. Google didn't 
> turn up much for me... TIA

Jedi?request means GoToMyPC, a remote control program promoted through spam.
www.GoToMyPC.com
 
> Generated by ACID v0.9.6b23 on Tue, 27 Apr 2004 13:00:30 -0700
> 
> ------------------------------------------------------------------------------
> #(5 - 12032) [2004-04-26 10:07:17] [snort/1432]  P2P GNUTella GET
> IPv4: xxx.xxx.xxx.xxx -> 216.115.213.29
>        hlen=5 TOS=0 dlen=204 ID=6189 flags=0 offset=0 TTL=128
> TCP:  port=2699 -> dport: 8200  flags=***AP*** seq=846113190
>        ack=1475707860 off=5 res=0 win=64512 urp=0 chksum=45838
> Payload:  length = 164
> 
> 000 : 47 45 54 20 2F 6A 65 64 69 3F 72 65 71 75 65 73   GET /jedi?reques
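
A triage helper for the alert discussed in this thread, as an added example that is not part of the original posts: it decodes an ACID payload dump (tolerating `>` quoting and mail re-wrapping) and labels a GET whose path matches the `/jedi?request` marker named in the reply, including the case where the dump cuts the path short. The function names, labels and the minimum-prefix threshold are assumptions; the sample row is the one quoted in the thread.

```python
import re

# One dump row: 3-digit hex offset, ':', then up to 16 space-separated hex bytes.
ROW = re.compile(r"^\s*[0-9A-Fa-f]{3}\s*:\s*((?:[0-9A-Fa-f]{2} ){1,16})")
QUOTE = re.compile(r"^(?:>\s?)+")     # mail quoting in front of a row
GOTOMYPC_MARKER = b"/jedi?request"    # request path named in the reply
MIN_PREFIX = 6                        # assumption: shortest truncated path still trusted

# The payload row quoted in the thread, wrapped the way the mail shows it.
SAMPLE_DUMP = """\
> 000 : 47 45 54 20 2F 6A 65 64 69 3F 72 65 71 75 65 73   GET
> /jedi?reques
"""

def payload_from_dump(text):
    """Rebuild payload bytes from the hex column; the ASCII column is ignored."""
    out = bytearray()
    for line in text.splitlines():
        # The appended space lets a row that ends on a hex byte still match.
        m = ROW.match(QUOTE.sub("", line) + " ")
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def request_target(payload):
    """Return the path of a GET request line, or None if it is not a GET."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) < 2 or parts[0] != b"GET":
        return None
    return parts[1]

def classify(dump_text):
    target = request_target(payload_from_dump(dump_text))
    if target is None:
        return "not-a-GET"
    if target.startswith(GOTOMYPC_MARKER):
        return "gotomypc"
    # Dump ended mid-path: accept a long enough prefix of the marker.
    if len(target) >= MIN_PREFIX and GOTOMYPC_MARKER.startswith(target):
        return "gotomypc-truncated"
    return "unidentified-GET"

if __name__ == "__main__":
    print(payload_from_dump(SAMPLE_DUMP), classify(SAMPLE_DUMP))
```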



