Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 1 reply
  • Subscribers 0 subscribers
  • Views 1159 views
  • Users 0 members are here
Options
Suggested

[7.190] Outbound eDonkey traffic is classified as Skype [CONFIRMED]

Monarch
Just tested IM/P2P-Control with eMule and got the following log... 

2008:04:20-00:55:14 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="89.128.25.221" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="7668" 

2008:04:20-00:55:15 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="81.220.239.242" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="7935" 

2008:04:20-00:55:15 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="84.250.64.120" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="47623" 

2008:04:20-00:55:16 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="88.205.166.187" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="52522" 

2008:04:20-00:55:17 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="83.200.56.131" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="16500" 

2008:04:20-00:55:18 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="58.182.65.216" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="28743" 

2008:04:20-00:55:19 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="212.195.147.127" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="6764" 

2008:04:20-00:55:19 (none) ulogd[2549]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60103" outitf="ppp0" srcip="192.168.0.5" dstip="87.18.7.165" proto="17" length="63" tos="0x00" prec="0x00" ttl="127" srcport="4665" dstport="25923" 


I assume differentiating between those traffic types is not quite easy..

Regards,
Bastian
Parents Reply Children
No Data
Unfiltered HTML