Date: Thu, 10 Aug 2006 16:16:55 +1000
From: mikeiscool <michaelslists@...il.com>
To: NTR <ntr@...oto.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NNTP and Yahoo IM conflict
On 8/10/06, NTR <ntr@...oto.com> wrote:
> Hi All,
>
> I am trying to analyze NNTP traffic and I have created a profile for the NNTP
> protocol. It's a kind of NNTP protocol anomaly detection.
> I have also observed that sometimes Yahoo Instant Messenger uses the NNTP
> port. Though it is using the NNTP port, the format is quite different
> from the NNTP protocol. It is the point where my parsing engine is facing
> a problem. Each time Yahoo connects on the NNTP port,
> my parsing engine treats it as an NNTP protocol anomaly and starts generating
> alerts. I am looking for some advice or a solution to solve
> this problem: how should we profile the NNTP protocol so that it can
> differentiate Yahoo traffic from genuine NNTP traffic?
>
> Thanks and anticipating early solutions.
I guess this would be a start:
ftp://ftp.rfc-editor.org/in-notes/rfc977.txt
> Thanks and Regards,
> NTR
-- mic
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
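
Added example, not part of the original thread or of either poster's code: one way to pre-classify the first payload of a port-119 flow against the RFC 977 line grammar before handing it to an NNTP anomaly profile, so that non-NNTP sessions are labelled separately instead of raising NNTP alerts. The function names, the sample payloads and the `YMSG` magic check are assumptions (the thread does not describe Yahoo's wire format); the command list is the RFC 977 set only, without later extensions.

```python
import re

# Commands defined in RFC 977; later extensions (e.g. RFC 2980) are left out.
RFC977_COMMANDS = {
    "ARTICLE", "BODY", "HEAD", "STAT", "GROUP", "HELP", "IHAVE", "LAST",
    "LIST", "NEWGROUPS", "NEWNEWS", "NEXT", "POST", "QUIT", "SLAVE",
}
# Server replies start with a three-digit status code, first digit 1-5.
STATUS_LINE = re.compile(rb"^[1-5][0-9]{2}(?: [^\r\n]*)?\r\n")
# Assumption: Yahoo Messenger packets begin with the ASCII magic "YMSG".
YMSG_MAGIC = b"YMSG"
MAX_COMMAND_LINE = 512  # RFC 977 limit for a command line, CR-LF included


def classify_first_payload(payload: bytes, from_server: bool) -> str:
    """Return 'nntp', 'ymsg' or 'unknown' for the first payload of a flow."""
    if payload.startswith(YMSG_MAGIC):
        return "ymsg"
    if from_server:
        return "nntp" if STATUS_LINE.match(payload) else "unknown"
    line, crlf, _ = payload.partition(b"\r\n")
    if not crlf or len(line) + 2 > MAX_COMMAND_LINE:
        return "unknown"
    try:
        word = line.split(b" ", 1)[0].decode("ascii").upper()
    except UnicodeDecodeError:
        return "unknown"
    return "nntp" if word in RFC977_COMMANDS else "unknown"


def flows_for_nntp_profile(flows: dict) -> list:
    """Keep only flows whose first payload parses as NNTP."""
    return [fid for fid, (payload, from_server) in flows.items()
            if classify_first_payload(payload, from_server) == "nntp"]


# Constructed sample flows: id -> (first payload, sent by server?)
SAMPLE_FLOWS = {
    "a": (b"200 news.example.org server ready\r\n", True),
    "b": (b"group comp.security.misc\r\n", False),
    "c": (YMSG_MAGIC + bytes(16), False),   # constructed, header fields zeroed
    "d": (b"\x16\x03\x01\x00\x2e", False),  # constructed non-text bytes
}

if __name__ == "__main__":
    for fid, (payload, from_server) in SAMPLE_FLOWS.items():
        print(fid, classify_first_payload(payload, from_server))
```

Flows labelled `ymsg` or `unknown` can be logged under their own category so that the NNTP anomaly profile only scores sessions that actually speak NNTP.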