SonicALERT
Search

Sonicwall Signatures


Go to All Categories list.
Go to All Applications list.

  eMule -- UDP Activity (easyMule VeryCD) 1

Category: P2P      

Application: eMule      

The eDonkey network is a decentralized, mostly server-based, peer-to-peer file sharing network best suited to share big files among users. There are many programs that act as the client part of the network. Most notably, eDonkey2000, the original client by MetaMachine; and eMule, a free program for Windows licensed under the GNU GPL. The eMule Project also developed a Kademlia network of their own (called Kad) to overcome the reliance on central servers.

eMule connects to multiple p2p networks, including eDonkey and Kad. eMule allows for direct exchange of sources between client nodes, quick recovery of corrupted downloads, and the use of a credits to reward uploaders. eMule transmits data in zlib-compressed form to save bandwidth.

SonicWALL signature SID 5, Encrypted Key Exchange -- Random Encryption (Skype,UltraSurf,Emule) is required in order to block eMule, and other eDonkey clients when they are run in obfuscated mode.

The eMule p2p protocol has been extended. The extensions are now supported by Xunlei and easyMule, popular peer-to-peer file sharing services, used mainly used in China and is all in the Chinese language.

This SonicWALL signature identifies legitimate eMule file p2p sharing traffic over UDP.



Relevant Information