GEN:SID | 1:2180 |
Message | P2P BitTorrent announce request |
Summary | This event is generated when a BitTorrent client connects to a tracker to gain access to a BitTorrent network.
|
Impact | Possible violation of policy and abuse of network resources.
|
Detailed Information | BitTorrent is a peer-to-peer application used for simultaneous downloads of large files. BitTorrent is designed to allow multiple peers to download large files simultaneously without using extraneous bandwidth from a centralized server.
BitTorrent's centralized server, called a tracker, refers peers to each other. This rule looks for a request sent to a BitTorrent tracker from a peer.
|
Affected Systems | |
Attack Scenarios | A user downloaded a BitTorrent client and attempts to download files from a BitTorrent network.
|
Ease of Attack | Unix, Windows, and MacOS clients are publicly available for BitTorrent.
|
Corrective Action | If this is a violation of network policy, take appropriate steps to prevent further violations.
|
Additional References | Bittorrent Protocol Specification http://bitconjurer.org/BitTorrent/protocol.html
Wikipedia http://en.wikipedia.org/wiki/BitTorrent
|