Intrusion Protection Events [v5.001] Home eval

I keep getting the following notifications:

[1:1432:0] A P2P GNUTella GET [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {PROTO006} 128.1.2.75:4304 -> 128.1.2.10:8080

I cannot locate the source of them. I've removed Bearshare but that doesn't fix the problem. I know this strictly isn't an ASL problem, but, can anyone tell me where to look for the source of these P2P packets ?

TIA,

Mike

0 ReD-MaN over 21 years ago

Try going to Packet Filter/Advanced. Then scroll down to Connection Tracking Table, and click Show.

You should be able to see any internal IP's and their connections. This might help you track it down.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 BarryG over 21 years ago

8080 is also what ASL uses for the Squid HTTP proxy.
Make sure you don't have that listening on your EXT interface.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gert Hansen over 21 years ago in reply to BarryG

Hi Mike,

the Gnutella detection rule is pretty weak as it only looks at port 8080 and the string GET,
this always triggers this rule while you surfing, just disable it.

Regards
Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mike_Cunningham over 21 years ago in reply to BarryG

Thanks for the 3 responses.

I'll try disabling the rule as Gert suggests.

Mike
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel