Gnutella download (Gnutella_Download)

About this signature or vulnerability

RealSecure Server Sensor, RealSecure Desktop Protector, BlackICE, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, RealSecure Guard, RealSecure Sentry, BlackICE Agent for Server, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop Protector 3.6, Proventia Network IPS, Virtual Server Protection for Vmware:

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects a Gnutella file transfer.


False positives

RealSecure Server Sensor, RealSecure Desktop Protector, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, RealSecure Guard, RealSecure Sentry, BlackICE Agent for Server, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop Protector 3.6, Proventia Network IPS, Virtual Server Protection for Vmware:

A false positive is possible if the string "GET /get/" appears over the network, in which case it will be identified as a Gnutella download. Also, it is possible for web transfers to be identified as Gnutella transfers if they have a 'get' directory under the http root.
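The triage check below is an added example, not the vendor's signature logic. It separates likely Gnutella downloads from the web-traffic false positives described above. It assumes the Gnutella 0.4 download request form `GET /get/<file index>/<file name>/ HTTP/1.0`, which is not stated on this page, and all sample payloads are constructed.

```python
import re

# Substring the page says triggers the event.
NAIVE_MARKER = b"GET /get/"

# Assumed Gnutella download request line (0.4 form; HTTP/1.1 is also accepted
# here): GET /get/<numeric file index>/<file name>/ HTTP/1.x
GNUTELLA_GET = re.compile(rb"^GET /get/(\d+)/([^\r\n]+?)/? HTTP/1\.[01]\r?$")


def naive_match(payload: bytes) -> bool:
    """Behaviour described on the page: the string anywhere in the payload."""
    return NAIVE_MARKER in payload


def parse_download(payload: bytes):
    """Return (file_index, file_name) if the first line is a Gnutella GET."""
    request_line = payload.split(b"\n", 1)[0]
    m = GNUTELLA_GET.match(request_line)
    if not m:
        return None
    return int(m.group(1)), m.group(2).decode("latin-1")


def classify(payload: bytes) -> str:
    """Label one TCP payload for an analyst reviewing Gnutella_Download events."""
    if not naive_match(payload):
        return "no-match"
    if parse_download(payload) is not None:
        # A web path such as /get/123/file would still land here, so this
        # narrows the false positives without eliminating them.
        return "gnutella-download"
    return "fp-candidate"


# Constructed sample payloads (hypothetical hosts and file names).
SAMPLES = {
    "gnutella": b"GET /get/2468/Foobar.mp3/ HTTP/1.0\r\nConnection: Keep-Alive\r\n"
                b"Range: bytes=0-\r\nUser-Agent: Gnutella\r\n\r\n",
    "web_get_dir": b"GET /get/report.pdf HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "string_in_body": b"POST /search HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
                      b"q=GET /get/ docs",
    "unrelated": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:15s} naive={naive_match(payload)!s:5s} -> {classify(payload)}")
```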

Default risk level

Low

Sensors that have this signature

RealSecure Server Sensor: 7.0, RealSecure Desktop Protector: 3.6, BlackICE: 3.5ebo, RealSecure Network: 7.0, RealSecure Network: SR 1.1, BlackICE PC Protection: 3.6.cbd, BlackICE Server Protection: 3.6.cbd, RealSecure Guard: 3.6, RealSecure Sentry: 3.6, BlackICE Agent for Server: 3.6, Proventia Network MFS: 1.0, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, Proventia Desktop: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop: baseline, RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Virtual Server Protection for Vmware: 1.0

Systems affected

Linux Kernel, Microsoft Windows, Unix Unix, Wego Systems Gnutella

Type

Suspicious Activity

Vulnerability description

Gnutella is a tool for general peer-to-peer (P2P) file sharing, similar to the popular Napster program, but without a centralized server. The Gnutella protocol is well documented on the Internet, making it possible for an attacker to create a customized, malicious Gnutella application with backdoor features. In addition, files shared from other Gnutella users could contain viruses or other backdoor programs.

How to remove this vulnerability

If use of Gnutella is not in compliance with your system policy, consider terminating the connection associated with this Gnutella event. It may be helpful to remind users of your system policy regarding the use of Gnutella or similar applications.

References

Gnutella Web site
Welcome to Gnutella
http://gnutella.wego.com/

ISS X-Force
Gnutella download
http://www.iss.net/security_center/static/4821.php