Message-Id: <6.2.1.2.0.20060810115451.03383770@172.16.1.10>
Date: Thu, 10 Aug 2006 11:55:32 +0530
From: NTR <ntr@...oto.com>
To: full-disclosure@...ts.grok.org.uk
Subject: NNTP and Yahoo IM conflict

Hi All,

I am trying to analyze NNTP traffic and I have created a profile for the
NNTP protocol.  It's a kind of NNTP protocol anomaly detection.
I have also observed that sometimes Yahoo Instant Messenger uses the NNTP
port.  Though it is using the NNTP port, the format is quite different
from the NNTP protocol.  This is the point where my parsing engine is
facing a problem.  Each time Yahoo connects on the NNTP port, my parsing
engine treats it as an NNTP protocol anomaly and starts generating
alerts.  I am looking for some advice or a solution to solve this
problem.  How should we profile the NNTP protocol so that it can
differentiate Yahoo traffic from genuine NNTP traffic?

Thanks and anticipating early solutions.

Thanks and Regards,
NTR 
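
The following is an added example, not part of the original message: a pre-classifier that labels the first payload of a port-119 flow, so that Yahoo IM sessions are routed away from the NNTP anomaly profile instead of alerting. It assumes the publicly documented reverse-engineered YMSG framing (a 20-byte header opening with the ASCII magic "YMSG"); the function name, labels and sample payloads are hypothetical and constructed.

```python
import re
import struct

YMSG_MAGIC = b"YMSG"   # ASCII magic that opens a YMSG packet header
YMSG_HEADER_LEN = 20   # assumed fixed header size (reverse-engineered layout)
NNTP_MAX_LINE = 512    # RFC 3977 limit for a command line, CRLF included
NNTP_COMMANDS = {
    b"ARTICLE", b"AUTHINFO", b"BODY", b"CAPABILITIES", b"DATE", b"GROUP",
    b"HEAD", b"HELP", b"IHAVE", b"LAST", b"LIST", b"LISTGROUP", b"MODE",
    b"NEWGROUPS", b"NEWNEWS", b"NEXT", b"OVER", b"POST", b"QUIT", b"SLAVE",
    b"STARTTLS", b"STAT", b"XHDR", b"XOVER",
}
# A server reply line: three-digit status code, optional text, CRLF.
NNTP_STATUS = re.compile(rb"[1-5][0-9]{2}(?: [^\r\n]*)?\r\n")


def classify_first_payload(payload: bytes, from_server: bool) -> str:
    """Label the first data segment of a TCP/119 flow.

    Returns 'yahoo-im', 'nntp' or 'anomaly'. Only 'anomaly' should alert;
    'yahoo-im' flows are handed to a separate profile (or logged as policy).
    """
    # A full binary YMSG header can never be a valid NNTP line.
    if payload.startswith(YMSG_MAGIC) and len(payload) >= YMSG_HEADER_LEN:
        return "yahoo-im"
    line, sep, _ = payload.partition(b"\r\n")
    if not sep or len(line) + 2 > NNTP_MAX_LINE:
        return "anomaly"          # no CRLF-terminated line, or line too long
    if from_server:
        return "nntp" if NNTP_STATUS.match(payload) else "anomaly"
    verb = line.split(b" ", 1)[0].upper()   # NNTP keywords are case-insensitive
    return "nntp" if verb in NNTP_COMMANDS else "anomaly"


# Constructed sample payloads: (bytes, sent_by_server)
SAMPLES = [
    (b"200 news.example.invalid ready\r\n", True),               # NNTP greeting
    (b"mode reader\r\n", False),                                 # NNTP command
    (YMSG_MAGIC + struct.pack(">HHHHII", 13, 0, 0, 0, 0, 0), False),  # YMSG header
    (b"YMSG foo\r\n", False),                                    # magic only, no header
    (b"\x16\x03\x01\x00\x05hello", False),                       # other binary data
]

if __name__ == "__main__":
    for data, from_server in SAMPLES:
        print(classify_first_payload(data, from_server), data[:24])
```

Requiring the full header length, not just the four magic bytes, keeps a bogus text line that merely starts with "YMSG" inside the NNTP anomaly path.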
