
PUA-P2P Bittorrent uTP peer request

Hello,

Yesterday I upgraded my ASG 120 from v8 to v9.000.
When I start downloading with uTorrent, the IPS log always shows "PUA-P2P Bittorrent uTP peer request".
An incoming DNAT port to my PC is already set up.

How can I allow torrent downloading for one or two PCs only?


  • Hello BarryG,

    With Application Control disabled and the IPS rule "2101" disabled, the IPS log shows the following (testing with Skype for now):

    2012:07:17-20:05:51 ******X-1 snort[28256]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="PUA-P2P Skype client login" group="360" srcip="213.166.51.4" dstip="192.168.20.25" proto="6" srcport="33033" dstport="2980" sid="5999" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
    2012:07:17-20:05:53 ******X-1 snort[28256]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="PUA-P2P Skype client login" group="360" srcip="213.166.51.4" dstip="192.168.20.25" proto="6" srcport="33033" dstport="2981" sid="5999" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
    2012:07:17-20:06:00 ******X-1 snort[28256]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="PUA-P2P Skype client start up get latest version attempt" group="360" srcip="192.168.20.25" dstip="204.9.163.247" proto="6" srcport="2984" dstport="80" sid="5693" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
    2012:07:17-20:06:15 ******X-1 snort[28256]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="PUA-P2P Skype client login" group="360" srcip="149.13.32.15" dstip="192.168.20.25" proto="6" srcport="13392" dstport="2987" sid="5999" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
    2012:07:17-20:06:16 ******X-1 snort[28256]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="PUA-P2P Skype client login" group="360" srcip="149.13.32.15" dstip="192.168.20.25" proto="6" srcport="13392" dstport="2988" sid="5999" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"  



    With torrent it's the same, but with "PUA-P2P Bittorrent uTP peer request" and another rule ID.
  • The rule you want to except is rule ID 5999 (the "sid")  -- that 2101, I think, in your case is the process ID.

    and 5963 if you wanna use Skype.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
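
An added example, not part of the original thread: a small Python script that tallies dropped IPS alerts by their `sid` field, reason and internal host, which helps decide which rule IDs and which PCs an exception would have to cover. The sample lines are constructed in the format of the log quoted above (hostname, external addresses and the non-drop lines are made up), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the key="value" format of the log quoted in the thread.
SAMPLE_LOG = """\
2012:07:17-20:05:51 gw-1 snort[28256]: id="2101" sub="ips" action="drop" reason="PUA-P2P Skype client login" srcip="203.0.113.4" dstip="192.168.20.25" sid="5999"
2012:07:17-20:05:53 gw-1 snort[28256]: id="2101" sub="ips" action="drop" reason="PUA-P2P Skype client login" srcip="203.0.113.4" dstip="192.168.20.25" sid="5999"
2012:07:17-20:06:00 gw-1 snort[28256]: id="2101" sub="ips" action="drop" reason="PUA-P2P Skype client start up get latest version attempt" srcip="192.168.20.25" dstip="198.51.100.7" sid="5693"
2012:07:17-20:06:02 gw-1 snort[28256]: id="2101" sub="ips" action="alert" reason="PUA-P2P Skype client login" srcip="203.0.113.4" dstip="192.168.20.30" sid="5999"
2012:07:17-20:06:03 gw-1 ulogd[4100]: id="2001" sub="packetfilter" action="drop" srcip="203.0.113.9" dstip="192.168.20.25"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def internal_host(fields):
    """Return whichever endpoint (srcip or dstip) is on an RFC 1918 address, else None."""
    for key in ("srcip", "dstip"):
        try:
            addr = ipaddress.ip_address(fields.get(key, ""))
        except ValueError:
            continue  # missing or malformed address field
        if any(addr in net for net in RFC1918):
            return str(addr)
    return None


def summarize_drops(log_text):
    """Count IPS drops per (sid, reason, internal host); other log lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("sub") != "ips" or fields.get("action") != "drop":
            continue
        if "sid" not in fields:
            continue
        counts[(fields["sid"], fields.get("reason", ""), internal_host(fields))] += 1
    return counts


if __name__ == "__main__":
    for (sid, reason, host), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"sid={sid:<6} host={host or '-':<15} drops={n:<3} {reason}")
```
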