This post was last edited by Inner on 2010-4-26 13:16
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Description
This signature detects the Ping messages between an eDonkey client and an eDonkey server.
Additional Information
The use of certain P2P applications is restricted in certain environments. EDonkey is a file sharing application that is available at edonkey2000.com. The eDonkey client supports the Overnet network as well as the eDonkey network.
The eDonkey network (also called eDonkey2000 network or ed2k) is a file sharing network used primarily to exchange music, movies, and software. Like most file sharing networks, it is decentralized; files are not stored on a central server but are exchanged directly between users based on the peer-to-peer principle.
The eDonkey client programs connect to the network to share files. eDonkey servers act as communication hubs for the clients and allow users to locate files within the network. Clients and servers are available for Windows, Macintosh, Linux, and other UNIX variants. Anyone can add a server to the network. Because of constant changes to the server network, clients update their server lists regularly.
The eDonkey network uses a compound MD4 hash checksum to identify files, which allows identification of identical files with different file names, as well as distinction of differing files with identical file names. Another feature of eDonkey is that for files greater than approximately 9.8 MB, it shares file segments before the download completes. This speeds up the distribution of large files throughout the network.
Affected
Windows, Mac, and Linux
Response
Uninstall the eDonkey application if its use is restricted by the network policy.
Possible False Positives
There are no known cases of false positives associated with this signature.
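Has the original poster defined any custom rules? My virtual machine doesn't seem to show the behavior the original poster describes (SEP 11R6 + latest versions of Xunlei/eDonkey)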