SonicALERT
Search

Sonicwall Signatures


Go to All Categories list.
Go to All Applications list.

Category: P2P

P2P Category Description

This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent network traffic associated with Peer to Peer (P2P) filesharing networks. These networks allow users to download and share music, movies, pictures, software, etc and are often used on corporate networks to take advantage of a broadband connection. Besides posing legal liabilities and decreasing productivity, P2P networks pose a variety of threats to network performance and security.

Most obviously, P2P file sharing causes can clog a network by substantially increasing traffic. Not only do P2P applications allow users to download mutli-megabyte or gigabyte files, increasing inbound traffic; they also allow computers inside a network to function as servers, causing large increases in outbound traffic as well. This activity can choke bandwidth, slowing down legitimate communcation, and even resulting in denial of service.

More seriously, P2P clients can compromise network security by effectively boring holes into firewalls. P2P networks send information over a port that is not usually used for network traffic, for example port 1214. Because most firewalls block these ports, P2P clients will often ask the user to disable security restrictions on these ports. Many clients also implement tunelling techniques where the P2P traffic is disguised as normal web traffic which many firewalls assume is harmless. In both of these instances, this unprotected port is an attractive target for attackers who can use it to establish a backdoor connection and take control of computers within the networks. P2P clients thus give users not only the incentive but also the means to circumvent network security policies.

The threats posed by P2P networks, however, are not confined to technical issues raised by their file transfer protocols. They also allow users to download files whose origins cannot be verified, increasing the risk of downloading and installing malicious or buggy software that can propagate across the network. Combined with the security holes that P2P clients can open through techniques like tunelling, the dubious quality of downloaded files provides an attractive point of entry for a number of viruses, Trojan horses, and worms. A number of attackers have taken advantage of this, writing malware that use P2P networks as a major vector for spreading between networks.

SonicWALL P2P signatures, when enabled, allow administrators to prevent P2P-related traffic by preventing users from logging on to networks, blocking outbound queries for available servers outside of the network, blocking inbound requests to enumerate P2P servers inside of the network, as well as blocking the actual file transfers themselves. Because of the performance degradation, security risks and few legitimate uses of P2P networks in the workplace, these signatures should generally be enabled.

  Winny -- Login
  eMule -- Obfuscated Protocol
  BitTorrent Protocol -- UDP Activity 1 [Reqs SID 5]
  BitTorrent Protocol -- UDP Activity 2 [Reqs SID 5]
  Xunlei Thunder -- Search Activity 3
  QQDownload -- UDP Activity 1
  Xunlei Thunder -- Search Activity 4
  Xunlei Thunder Player -- UDP Activity (Outbound) 1
  Xunlei Thunder Player -- UDP Activity (Outbound) 2
  Xunlei Thunder Player -- UDP Activity (Outbound) 3
  Xunlei Thunder Player -- UDP Activity (Inbound) 1
  Xunlei Thunder Player -- UDP Activity (Inbound) 2
  Xunlei Thunder Player -- UDP Activity (Inbound) 3
  Xunlei Thunder Player -- UDP Activity (Outbound) 4
  GNUTella -- UDP Activity 4
  LimeWire -- TCP Activity 1
  SopCast -- UDP Activity
  Xunlei Thunder Player -- UDP Activity (Outbound) 5
  BitTorrent Protocol -- HTTP User-Agent (KTorrent) [Reqs SID 5]
  BitComet -- DNS Query
  BitComet -- HTTP Activity
  BitSpirit -- HTTP User-Agent
  Kontiki -- HTTP Activity 1
  Kontiki -- HTTP Activity 2
  QQDownload -- UDP Activity 2
  BitTorrent Protocol -- DNS Query 1 [Reqs SID 5]
  eMule -- UDP Activity (Kad) 1
  eMule -- UDP Activity (Kad) 2
  BitTorrent Protocol -- HTTP User-Agent 1 [Reqs SID 5]
  Soulseek -- HTTP User-Agent
  LimeWire -- TCP Activity 2
  eMule -- Request URI (ed2k)
  QQDownload -- Proprietary Protocol
  Poco -- HTTP Activity
  Poco -- UDP Activity
  KKBox -- SSL/TLS Activity
  KKBox -- HTTP Activity
  GNUTella -- UDP Activity 1
  GNUTella -- UDP Activity 2
  GNUTella -- UDP Activity 3
  GNUnet -- HTTP User-Agent
  Soribada -- HTTP Activity
  MLDonkey -- HTTP User-Agent
  Shareaza -- SSL/TLS Activity
  Shareaza -- TCP Activity 1
  Shareaza -- TCP Activity 2
  GNUTella -- TCP Activity
  BitTorrent Protocol -- HTTP Activity 1 [Reqs SID 5]
  BitTorrent Protocol -- TCP Activity 1 [Reqs SID 5]
  eMule -- HTTP Activity 1
  Filetopia -- TCP Activity
  WinMX -- TCP Activity
  MP2P -- UDP Activity
  Ares -- TCP Activity 1
  Kademlia -- UDP Activity
  eMule -- TCP Activity 3
  eMule -- TCP Activity 1
  eMule -- HTTP Activity (.met)
  BearShare -- HTTP User-Agent
  BitTorrent Protocol -- TCP Activity 2 [Reqs SID 5]
  Kazaa -- UDP Activity
  Xunlei Thunder -- Search Activity 2
  Fileguri -- HTTP Activity
  eMule -- TCP Activity 2
  Direct Connect -- TCP Activity 1
  Direct Connect -- TCP Activity 2
  Xunlei Thunder -- DNS Query (xunlei.com)
  Xunlei Thunder -- DNS Query (sandai.net)
  Xunlei Thunder -- DNS Query (emule.org.cn)
  Totodisk -- HTTP Activity
  Warez -- HTTP Activity
  Xunlei Thunder -- Search Activity 5
  Xunlei Thunder -- Search Activity 6
  Azureus -- HTTP User-Agent
  BitTorrent Protocol -- HTTP User-Agent (BitTorrent) [Reqs SID 5]
  Morpheus -- UDP Activity (NEOnet Client)
  BearShare -- SSL/TLS Activity
  Convivea -- Search Activity
  BitTorrent Protocol -- UDP Activity 3 [Reqs SID 5]
  VeryCD -- Search Activity 1
  VeryCD -- Search Activity 2
  eMule -- UDP Activity (easyMule VeryCD) 1
  eMule -- UDP Activity (Kad) 3
  eMule -- TCP Activity (easyMule VeryCD)
  eMule -- UDP Activity (easyMule VeryCD) 2
  eMule -- UDP Activity (easyMule) 2
  eMule -- UDP Activity (easyMule) 1
  eMule -- UDP Activity 1
  eMule -- UDP Activity (Kad) 4
  eMule -- UDP Activity (Kad) 5
  Xunlei Thunder -- Search Activity 7
  Xunlei Thunder -- Search Activity 8
  Xunlei Thunder -- HTTP Activity 1
  Xunlei Thunder -- HTTP Activity 2
  Xunlei Thunder -- HTTP Activity 3
  Xunlei Thunder -- TCP Activity 1
  Xunlei Thunder -- HTTP Activity 4
  eMule -- UDP Activity (Kad) 6
  eMule -- UDP Activity (Kad) 7
  eMule -- UDP Activity (Kad) 8
  eMule -- HTTP Activity 2
  Ares -- TCP Activity 2
  CitrixWire -- HTTP User-Agent
  FrostWire -- HTTP User-Agent 1
  FrostWire -- HTTP User-Agent 2
  Crux P2P -- HTTP User-Agent
  BTMon -- Search Activity
  BitTorrent.am -- Search Activity
  Full DLs -- Search Activity
  ISO Hunt -- Search Activity
  New Torrents -- Search Activity
  RAR Bg -- Search Activity
  The Pirate Bay -- TCP Activity 1
  The Pirate Bay -- UDP Activity
  Torrent Box -- Search Activity
  Ares -- UDP Activity 1
  Ares -- UDP Activity 2
  Torrent Reactor -- HTTP Activity 1
  Torrent Reactor -- HTTP Activity 2
  1337x -- DNS Query 1
  Torrent Reactor -- HTTP Activity 3
  Torrent Spy -- Search Activity
  BitLord -- HTTP Activity
  PeerFolders -- HTTP User-Agent
  BitTornado -- HTTP User-Agent
  BadBlue -- TCP Activity 1
  BadBlue -- TCP Activity 2
  iSendr -- HTTP Activity
  ABC (Yet Another Bittorrent Client) -- TCP Activity
  KoalaDC -- HTTP User-Agent
  Transmission -- HTTP User-Agent
  eMule -- UDP Activity 2
  ANts -- HTTP Activity
  Sharebox -- TCP Activity 1
  Sharebox -- TCP Activity 2
  Sharebox -- TCP Activity 3
  Sharebox -- UDP Activity 1
  Sharebox -- UDP Activity 2
  Sharebox -- UDP Activity 3
  Sharebox -- HTTPS Activity
  Sharebox -- HTTP Activity
  QDown -- TCP Activity
  QDown -- HTTP Activity
  eMule -- UDP Activity (eDonkey)
  eMule -- TCP Activity (eDonkey) 1
  eMule -- TCP Activity (eDonkey) 2
  Vuze -- DNS Query
  Vuze -- UDP Activity (LAN Discovery)
  Azureus -- HTTP Activity 2
  BitTorrent Protocol -- UDP Activity 4 [Reqs SID 5]
  Azureus -- DNS Query
  BitTorrent Protocol -- HTTP Activity 2 [Reqs SID 5]
  Azureus -- TCP Activity
  Azureus -- HTTP Activity 1
  BitTorrent Protocol -- HTTP Activity 3 [Reqs SID 5]
  BitTorrent Protocol -- TCP Activity 3 [Reqs SID 5]
  BitTorrent Protocol -- TCP Activity 4 [Reqs SID 5]
  BitTorrent Protocol -- TCP Activity 5 [Reqs SID 5]
  BitTorrent Protocol -- TCP Activity 6 [Reqs SID 5]
  Xunlei Thunder -- DNS Query (verycd.com)
  Xunlei Thunder -- UDP Activity 1
  The Pirate Bay -- TCP Activity 2
  Xunlei Thunder -- UDP Activity 2
  Xunlei Thunder -- TCP Activity 2
  Xunlei Thunder -- HTTP Activity 6
  100Bao -- TCP Activity
  Xunlei Thunder -- DNS Query (kankan.com)
  Xunlei Thunder -- HTTP Activity 5
  Xunlei Thunder -- Search Activity 9
  Xunlei Thunder -- Request URI (thunder)
  Soulseek -- TCP Activity 1
  Soulseek -- HTTP Activity
  Soulseek -- TCP Activity 2
  Soulseek -- DNS Query
  Xunlei Thunder -- Search Activity 10
  BitTorrent Protocol -- HTTP User-Agent (qBittorrent) [Reqs SID 5]
  The Proxy Bay -- HTTPS Activity
  BitTorrent Protocol -- UDP Activity 5 [Reqs SID 5]
  BitTorrent Protocol -- DNS Query 2 [Reqs SID 5]
  BitTorrent Protocol -- DNS Query 3 [Reqs SID 5]
  BitTorrent Protocol -- HTTP User-Agent 2 [Reqs SID 5]
  BitTorrent Protocol -- HTTP Activity 4 [Reqs SID 5]
  BitTorrent Protocol -- UDP Activity 6 [Reqs SID 5]


Relevant Information