[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <6.2.1.2.0.20060810115451.03383770@172.16.1.10>
Date: Thu, 10 Aug 2006 11:55:32 +0530
From: NTR <ntr@...oto.com>
To: full-disclosure@...ts.grok.org.uk
Subject: NNTP and Yahoo IM conflict
Hi All,
I am trying analyze NNTP traffic and i have created a profile for NNTP
protocol. It's a kind of NNTP protocol anomaly detection.
I have also observed some time Yahoo Instant Messenger uses NNTP
port. Though it is using NNTP port the format is quite different
from NNTP protocol. It is the point where my parsing engine facing
problem. Each time whenever yahoo connects on NNTP port
my parsing engine treats it as NNTP protocol anomaly and start generating
alerts. I am looking for some advise or solution to solve
this problem. how we should profile NNTP protocol so that it can
differentiate yahoo traffic from the genuine NNTP traffic.
Thanks and anticipating early solutions.
Thanks and Regards,
NTR
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists