[unisog] Infringement Complaint protocol question: DirectConnect?
Asadoorian, Paul D
Paul_Asadoorian at brown.edu
Mon Mar 24 16:26:45 GMT 2003
# grep DirectConnect /dev/brain
DirectConnect is yet another Peer-To-Peer filesharing system
(http://www.neo-modus.com/). The network of multiple direct connect
machines, called a hub, is managed by the users themselves. I think
that access can be allowed or denied on an IP address basis. I also
think that many are running it over port 21, which makes it blend with
FTP traffic, and annoyingly generates false positives on the IDS. A
machine running Direct Connect will display the following banner when
you connect to the port:
$MyNick SzBalazs|$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC
I'm just starting to research more about this protocol, and possibly
develop some snort rules (to be shared with the group of course), so any
additional information or help would be great.
Paul Asadoorian, GCIA
115 Waterman St.
Providence, RI 02912
PGP Key: http://pauldotcom.com/Paul_Asadoorian.asc
Fingerprint: 42CB D9A8 37C4 2D1C A2FE 927F C946 9174 41DC 7A4F
From: Joshua Wright [mailto:Joshua.Wright at jwu.edu]
Sent: Monday, March 24, 2003 10:29 AM
To: unisog at sans.org
Subject: [unisog] Infringement Complaint protocol question:
I have received a message from MediaForce about a claim of copyright
work infringement. In the infringement detail section, MediaForce
indicates the Network and Protocol are "DirectConnect".
Does anyone know what DirectConnect references? I doubt it is
SMB/Windows networking since I block the NetBIOS ports egress and
ingress - any other thoughts?
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright at jwu.edu
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
More information about the unisog