Re: [Full-disclosure] NNTP and Yahoo IM conflict
- From: mikeiscool <michaelslists@xxxxxxxxx>
- Date: Thu, 10 Aug 2006 16:16:55 +1000
On 8/10/06, NTR <ntr@xxxxxxxxxx> wrote:
I am trying to analyze NNTP traffic and I have created a profile for the NNTP
protocol. It's a kind of NNTP protocol anomaly detection.
I have also observed that Yahoo Instant Messenger sometimes uses the NNTP
port. Though it is using the NNTP port, the format is quite different
from the NNTP protocol. This is the point where my parsing engine is facing
a problem. Each time Yahoo connects on the NNTP port,
my parsing engine treats it as an NNTP protocol anomaly and starts generating
alerts. I am looking for some advice or a solution to solve
this problem: how should we profile the NNTP protocol so that it can
differentiate Yahoo traffic from genuine NNTP traffic?
Thanks and anticipating early solutions.
I guess this would be a start:
Thanks and Regards,
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
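
One way to separate the two kinds of traffic described in this thread, as an added example that is not part of either poster's message: classify the first payload of each port-119 flow before the NNTP anomaly profile sees it. It assumes Yahoo Messenger (YMSG) packets start with the ASCII magic "YMSG" followed by a fixed 20-byte binary header, and uses the RFC 3977 line grammar for NNTP; the function name, labels and sample payloads are constructed for illustration.

```python
import re

YMSG_MAGIC = b"YMSG"    # assumption: every YMSG packet begins with this ASCII magic
YMSG_HEADER_LEN = 20    # assumption: fixed-size binary header, magic included
MAX_LINE = 512          # RFC 3977 limit on a command or initial response line

# Server side: three-digit status code, optional text, CRLF.
NNTP_RESPONSE = re.compile(rb"[1-5][0-9]{2}(?: [^\r\n]*)?\r\n")
# Client side: keyword of 3-12 characters, optional arguments, CRLF.
NNTP_COMMAND = re.compile(rb"[A-Za-z][A-Za-z0-9.\-]{2,11}(?:[ \t][^\r\n]*)?\r\n")


def classify_first_payload(payload: bytes, from_server: bool) -> str:
    """Label the first reassembled payload of a port-119 flow.

    Returns "ymsg", "nntp", "incomplete" (wait for more bytes) or "unknown".
    """
    # YMSG framing is checked first so it never reaches the NNTP grammar.
    if payload[:4] == YMSG_MAGIC:
        return "ymsg" if len(payload) >= YMSG_HEADER_LEN else "incomplete"
    if YMSG_MAGIC.startswith(payload):
        return "incomplete"  # empty, or a short prefix of the magic
    end = payload.find(b"\r\n")
    if end == -1:
        # No full line yet: keep waiting only while it still looks like ASCII text.
        texty = all(b in (9, 13) or 32 <= b < 127 for b in payload)
        return "incomplete" if texty and len(payload) < MAX_LINE else "unknown"
    line = payload[: end + 2]
    if len(line) > MAX_LINE:
        return "unknown"
    grammar = NNTP_RESPONSE if from_server else NNTP_COMMAND
    return "nntp" if grammar.fullmatch(line) else "unknown"


# Constructed sample payloads (not captured traffic): (bytes, from_server).
SAMPLES = [
    (b"200 news.example.invalid ready\r\n", True),
    (b"MODE READER\r\n", False),
    (b"YMSG" + bytes(16), False),      # zero-filled header after the magic
    (b"\x16\x03\x01\x00\x2e", False),  # binary data that is neither protocol
]

if __name__ == "__main__":
    for data, from_server in SAMPLES:
        print(classify_first_payload(data, from_server), data[:24])
```

Flows labelled "ymsg" can be handed to a separate profile instead of raising an NNTP anomaly, while "unknown" flows remain alert candidates.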