[unisog] Infringement Complaint protocol question: DirectConnect?
schaffer at mtsu.edu
Mon Mar 24 17:05:02 GMT 2003
Incidently, Packeteer's PacketShaper (5.3) does distinguish beteen
DirectConnect and FTP.
I'm not connected with Packeteer, just a happy customer :^)
Director of Network Services
Information Technology Division
Middle Tennessee State University
----- Original Message -----
From: "Asadoorian, Paul D" <Paul_Asadoorian at brown.edu>
To: "Joshua Wright" <Joshua.Wright at jwu.edu>; <unisog at sans.org>
Sent: Monday, March 24, 2003 10:26 AM
Subject: RE: [unisog] Infringement Complaint protocol question:
> # grep DirectConnect /dev/brain
> DirectConnect is yet another Peer-To-Peer filesharing system
> (http://www.neo-modus.com/). The network of multiple direct connect
> machines, called a hub, is managed by the users themselves. I think
> that access can be allowed or denied on an IP address basis. I also
> think that many are running it over port 21, which makes it blend with
> FTP traffic, and annoyingly generates false positives on the IDS. A
> machine running Direct Connect will display the following banner when
> you connect to the port:
> $MyNick SzBalazs|$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC
> I'm just starting to research more about this protocol, and possibly
> develop some snort rules (to be shared with the group of course), so any
> additional information or help would be great.
> Paul Asadoorian, GCIA
> Brown University
> 115 Waterman St.
> Providence, RI 02912
More information about the unisog