| GEN:SID | 1:2181 |
| Message | P2P BitTorrent transfer |
| Summary | This event is generated when a BitTorrent client transfers data with another BitTorrent peer.
|
| Impact | Possible violation of policy and abuse of network resources.
|
| Detailed Information | BitTorrent is a peer-to-peer application used for simultaneous downloads of large files. BitTorrent is designed to allow multiple peers to download large files simultaneously without using extraneous bandwidth from a centralized server.
BitTorrent peers connect to other peers for file transfer. This rule looks for the BitTorrent protocol header on the default BitTorrent ports.
|
| Affected Systems | |
| Attack Scenarios | A user downloaded a BitTorrent client and attempts to download files from a BitTorrent network.
|
| Ease of Attack | Unix, Windows, and MacOS clients are publicly available for BitTorrent.
|
| Corrective Action | If this is a violation of network policy, take appropriate steps to prevent further violations.
|
| Additional References | Bittorrent Protocol Specification http://bitconjurer.org/BitTorrent/protocol.html
Wikipedia http://en.wikipedia.org/wiki/BitTorrent
|