Edonkey is present on the system (Edonkey_Connect)

About this signature or vulnerability

RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IDS, BlackICE Agent for Server, BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects a connection between an Edonkey client and an Edonkey server.

This signature detects an EDonkey client attempting a connection to what is presumed to be an EDonkey server.


False positives

Proventia Network IPS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IDS, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware: This event triggers after a TCP/IP 3-way handshake, when the EDonkey client sends a 'hello' message. If the EDonkey client connects to an open TCP port on a server that is not an EDonkey server, the 'hello' message is still sent and this event will trigger.
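
The false-positive condition described above can be reproduced offline when triaging an alert. The following Python sketch is an added example, not the vendor's signature logic: it assumes the eDonkey TCP framing from public protocol descriptions (marker byte 0xE3, little-endian length, opcode 0x01 for the client 'hello'), and the function names, the 'hello_confirmed' check on the server's reply, and all sample payloads are constructed for illustration.

```python
import struct

# Framing taken from public eDonkey protocol descriptions, not from this page:
# 1-byte marker 0xE3, 4-byte little-endian length (opcode + body), 1-byte opcode.
ED2K_MARKER = 0xE3
OP_LOGINREQUEST = 0x01  # the client's 'hello' to a server
MAX_FRAME = 1 << 20     # sanity bound chosen for this example

def frame(opcode, body):
    """Build an eDonkey TCP frame (used only to construct sample payloads)."""
    return struct.pack("<BIB", ED2K_MARKER, len(body) + 1, opcode) + body

def parse_header(payload):
    """Return the opcode if payload begins with a plausible eDonkey frame, else None."""
    if len(payload) < 6 or payload[0] != ED2K_MARKER:
        return None
    (length,) = struct.unpack_from("<I", payload, 1)
    if not 1 <= length <= MAX_FRAME:
        return None
    return payload[5]

def classify_flow(client_first, server_first):
    """Classify a TCP flow from the first payload seen in each direction."""
    if parse_header(client_first) != OP_LOGINREQUEST:
        return "no_match"
    if parse_header(server_first) is not None:
        return "hello_confirmed"   # peer answered in eDonkey framing
    return "hello_only"            # hello sent, peer not shown to be eDonkey

# Constructed sample payloads (not captured traffic).
HELLO = frame(OP_LOGINREQUEST, bytes(16) + struct.pack("<IHI", 0, 4662, 0))
ED2K_REPLY = frame(0x38, struct.pack("<H", 7) + b"welcome")  # 0x38: server message
SMTP_BANNER = b"220 mail.example.test ESMTP\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, c, s in [("edonkey server", HELLO, ED2K_REPLY),
                       ("smtp server", HELLO, SMTP_BANNER),
                       ("web request", HTTP_GET, b"")]:
        print(name, "->", classify_flow(c, s))
```

A 'hello_only' result corresponds to the case in which the event fires although the destination is not an EDonkey server; the client is still running EDonkey in either case.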

Default risk level

Low

Sensors that have this signature

RealSecure Desktop: baseline, RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Proventia Network MFS: XPU 1.18, IBM Security Server Protection for Windows: 1.0.914.0, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 22.21, Proventia Desktop: 8.0.614.1, Proventia Network IDS: XPU 22.21, BlackICE Agent for Server: 3.6eof, BlackICE Server Protection: 3.6.cpa, BlackICE PC Protection: 3.6cpa, RealSecure Server Sensor: XPU 22.21, RealSecure Network: XPU 22.21, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for Vmware: 1.0

Systems affected

Linux Kernel, Microsoft Windows NT: 4.0, Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Apple Mac OS X: 10.2

Type

Suspicious Activity

Vulnerability description

The Edonkey application is installed on a system. Edonkey is an application that helps users locate, upload, and download files over the Internet.

How to remove this vulnerability

If use of the Edonkey application is not in compliance with your system policy, consider uninstalling the Edonkey application. It may be helpful to remind users of your system policy regarding the use of Edonkey or similar applications.

References

Edonkey Web site
Edonkey
http://www.edonkey2000.com

ISS X-Force
Edonkey is present on the system
http://www.iss.net/security_center/static/10627.php