Signature Detail
Short Name |
P2P:EDONKEY:PORT-53 |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
P2P |
Keywords |
P2P eDonkey eMule |
Release Date |
2005/03/23 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
P2P: eDonkey Client Traffic Over Port 53
This signature detects peer-to-peer file sharing clients (eMule, eDonkey, etc.) using the eDonkey protocol over port 53. Because port 53 is normally reserved for DNS traffic, most network administrators keep port 53 open; some P2P servers use this open port to evade detection by the firewall.
Extended Description
This vulnerability enables eDonkey 2000 users to circumvent access control policies and trade files without restriction.
References