[unisog] Infringement Complaint protocol question: DirectConnect?

Greg Schaffer schaffer at mtsu.edu
Mon Mar 24 17:05:02 GMT 2003


Incidentally, Packeteer's PacketShaper (5.3) does distinguish between
DirectConnect and FTP.

I'm not connected with Packeteer, just a happy customer :^)

Greg

Greg Schaffer
Director of Network Services
Information Technology Division
Middle Tennessee State University
----- Original Message -----
From: "Asadoorian, Paul D" <Paul_Asadoorian at brown.edu>
To: "Joshua Wright" <Joshua.Wright at jwu.edu>; <unisog at sans.org>
Sent: Monday, March 24, 2003 10:26 AM
Subject: RE: [unisog] Infringement Complaint protocol question:
DirectConnect?


> # grep DirectConnect /dev/brain
>
> DirectConnect is yet another Peer-To-Peer filesharing system
> (http://www.neo-modus.com/).  The network of multiple direct connect
> machines, called a hub, is managed by the users themselves.  I think
> that access can be allowed or denied on an IP address basis.  I also
> think that many are running it over port 21, which makes it blend with
> FTP traffic, and annoyingly generates false positives on the IDS.  A
> machine running Direct Connect will display the following banner when
> you connect to the port:
>
> $MyNick SzBalazs|$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC
> Pk=DCPLUSPLUS0.24ABCABC|
>
> I'm just starting to research more about this protocol, and possibly
> develop some snort rules (to be shared with the group of course), so any
> additional information or help would be great.
>
> Thanks,
>
> Paul Asadoorian, GCIA
> Brown University
> 115 Waterman St.
> Providence, RI 02912
> 401.863.7553
>
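
Added example, not part of either message above: a Python sketch that tells the DirectConnect banner quoted in Paul's message apart from an FTP greeting seen on port 21. The FTP and SSH samples are constructed, the function names are hypothetical, and joining the two wrapped banner lines with a single space is an assumption about how the mail was wrapped.

```python
import re

# FTP server replies start with a three-digit code, then space or hyphen (RFC 959).
FTP_REPLY = re.compile(rb"^[1-5][0-9]{2}[ -]")
# DirectConnect commands as seen in the quoted banner: "$Name argument|"
DC_COMMAND = re.compile(rb"\$([A-Za-z]+)(?: ([^|]*))?\|")

def parse_dc_commands(data):
    """Return [(command, argument), ...] for each pipe-terminated $command."""
    return [(m.group(1).decode("ascii"), (m.group(2) or b"").decode("latin-1"))
            for m in DC_COMMAND.finditer(data)]

def lock_fields(argument):
    """Split a $Lock argument into the lock string and the Pk= client tag."""
    lock, _, pk = argument.partition(" Pk=")
    return {"lock": lock, "pk": pk}

def classify_banner(data):
    """Classify the first bytes a listener sends after a TCP connect."""
    if FTP_REPLY.match(data):
        return "ftp"
    names = {name for name, _ in parse_dc_commands(data)}
    # Require both the leading '$' and a $Lock command to limit false matches.
    if data.startswith(b"$") and "Lock" in names:
        return "directconnect"
    return "unknown"

# Banner from the quoted message; the two wrapped lines are joined with one
# space (assumption).
DC_BANNER = (b"$MyNick SzBalazs|$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC "
             b"Pk=DCPLUSPLUS0.24ABCABC|")
# Constructed samples for comparison.
FTP_BANNER = b"220 ftp.example.edu FTP server ready.\r\n"
SSH_BANNER = b"SSH-2.0-example\r\n"

if __name__ == "__main__":
    for label, banner in (("dc", DC_BANNER), ("ftp", FTP_BANNER),
                          ("ssh", SSH_BANNER)):
        print(label, "->", classify_banner(banner))
    commands = dict(parse_dc_commands(DC_BANNER))
    print("nick:", commands["MyNick"])
    print("client tag:", lock_fields(commands["Lock"])["pk"])
```

Classifying on the payload rather than the port number is what keeps a DirectConnect listener on port 21 from being counted as FTP.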


