You can use v5's IPS to detect the GET command on ports other than 80 which is typically Gnutella traffic. This is a problem if you're using the HTTP proxy. It causes false alarms. You could manually edit the rule to chnage the !80 to !. There are GPL tools available that can be run on Linux to detect and/or block P2P traffic but it would require hacking ASL.
Running here with the proxy in transparent mode, it correclty identifies all my kazaa signins and file transfers, and bittorrent as well. I can drop them as needed, so i'm havin no problems or false +v's.
Even if the get request might cause someone problems, blocking the traffic itself shouldnt be any problem....Intrusion Protection is working like a charm for me.
