BlackICE, RealSecure Network, BlackICE Agent for Server, RealSecure Desktop Protector, RealSecure Server Sensor, RealSecure Guard, RealSecure Sentry, BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Server IPS for Linux technology, RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Desktop:
This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.
This signature detects a Gnutella file transfer.
RealSecure Network, BlackICE Agent for Server, RealSecure Desktop Protector, RealSecure Server Sensor, RealSecure Guard, RealSecure Sentry, BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Server IPS for Linux technology, RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Desktop: A false positive is possible if the string "GET /get/" appears over the network, in which case it will be identified as a Gnutella download. Also, it is possible for web transfers to be identified as Gnutella transfers if they have a 'get' directory under the http root.
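A triage sketch for the false positive described above, added here as an example and not the vendor's signature logic: it sorts requests that contain "GET /get/" by whether they have the shape of a Gnutella download. The request layout (numeric file index, a `User-Agent` naming Gnutella) is assumed from the Gnutella 0.4 protocol description, not from this page; `triage`, its labels and the sample requests are constructed.

```python
import re

# Assumption (not from this page): a Gnutella 0.4 download request looks like
#   GET /get/<file index>/<file name>/ HTTP/1.0
# with a numeric file index and a User-Agent header naming Gnutella.
GNUTELLA_LINE = re.compile(r"^GET /get/(\d+)/([^\r\n]+?)/? HTTP/1\.[01]$")

def parse_request(raw: bytes):
    """Return (request_line, headers) with lower-cased header names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def triage(raw: bytes) -> str:
    """Classify a request that a 'GET /get/' string match would flag."""
    request_line, headers = parse_request(raw)
    if not request_line.startswith("GET /get/"):
        return "no-match"
    if not GNUTELLA_LINE.match(request_line):
        # e.g. a web server with a 'get' directory under the HTTP root
        return "likely-web-false-positive"
    if "gnutella" in headers.get("user-agent", "").lower():
        return "likely-gnutella"
    # Gnutella-shaped path but no client hint: leave it to an analyst.
    return "needs-review"

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "p2p": b"GET /get/2468/Foobar.mp3/ HTTP/1.0\r\nConnection: Keep-Alive\r\n"
           b"Range: bytes=0-\r\nUser-Agent: Gnutella\r\n\r\n",
    "web_dir": b"GET /get/started.html HTTP/1.1\r\nHost: intranet.example\r\n"
               b"User-Agent: Mozilla/5.0\r\n\r\n",
    "ambiguous": b"GET /get/42/report.pdf HTTP/1.1\r\nHost: docs.example\r\n"
                 b"User-Agent: Mozilla/5.0\r\n\r\n",
    "other": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} {triage(raw)}")
```
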
Low
BlackICE: 3.5ebo, RealSecure Network: 7.0, RealSecure Network: SR 1.1, BlackICE Agent for Server: 3.6, RealSecure Desktop Protector: 3.6, RealSecure Server Sensor: 7.0, RealSecure Guard: 3.6, RealSecure Sentry: 3.6, BlackICE PC Protection: 3.6.cbd, BlackICE Server Protection: 3.6.cbd, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, Proventia Network MFS: 1.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: A Series, Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Proventia Desktop: 8.0.614.1, RealSecure Desktop: baseline
Linux Kernel, Microsoft Windows, Various vendors Unix, Wego Systems Gnutella
Suspicious Activity
Gnutella is a tool for general peer-to-peer (P2P) file sharing, similar to the popular Napster program, but without a centralized server. The Gnutella protocol is well documented on the Internet, making it possible for an attacker to create a customized, malicious Gnutella application with backdoor features. In addition, files shared from other Gnutella users could contain viruses or other backdoor programs.
If use of Gnutella is not in compliance with your system policy, consider terminating the connection associated with this Gnutella event. It may be helpful to remind users of your system policy regarding the use of Gnutella or similar applications.
Gnutella Web site
Welcome to Gnutella
http://gnutella.wego.com/
ISS X-Force
Gnutella download
http://www.iss.net/security_center/static/4821.php