-- With Pattern 3.49, BroadWeb IPS is able to recognize Skype File transfer, Skype Video, and Winny P2P
BroadWeb BSST has released NK Pattern 3.49, which includes 4 important signatures that give full control over encrypted P2P connections:
#4043309107_SKYPE_LOGIN
#4043309108_SKYPE_FILE TRANSFER
#4043309109_SKYPE_VIDEO
#4043309110_P2P Winny login attempt –1
#4043309107_SKYPE_LOGIN
This signature identifies the login behavior of Skype 2.5.x and below. If company policy does not allow the use of Skype, change the action of this rule to drop packets and reset the connection.
#4043309108_SKYPE_FILE TRANSFER
#4043309109_SKYPE_VIDEO
This signature identifies video conversation attempts via Skype 2.5.x and below. If company policy does not allow video conversations via Skype, change the action of this rule to drop packets and reset the connection. Please be advised that once a user’s computer receives TCP RESET commands from BroadWeb IPS because of an attempted Skype video conversation, other Skype functions such as Skype messaging and Skype audio conversation will not work. The user needs to log in to the Skype network again in order to continue using Skype.
#4043309110_P2P Winny login attempt –1
This signature identifies the connections of Winny, a P2P application that transmits all of its traffic encrypted. Developed in Japan, Winny works in a way very similar to eDonkey, another popular P2P application, and allows users to search for files directly and download them using P2P technology. Because Winny’s traffic is encrypted, most IPS systems or application management systems cannot recognize Winny connections. Winny is known to have vulnerabilities, which could be exploited by malicious users or attacked by worms. Reports indicate that incidents of critical information leakage have occurred at several Japanese companies because internal employees had installed Winny. If company policy does not allow the use of the Winny P2P application, change the action of this rule to drop packets and reset the connection.
Note:
The above 4 signatures require the appropriate NetKeeper kernel and NK Plug-in versions to function properly. Please refer to the table below:
| BroadWeb IPS Device | Kernel | NK Plug-in | NK/Eulen Pattern |
|---|---|---|---|
| NK 3000P | 3.6.20 and above | 1.4.14 and above | 3.49 and above |
| NK 3000T | 3.5.20 and above | 1.4.14 and above | 3.49 and above |
| NK 5105 | 1.0.10 and above | 1.4.14 and above | 3.49 and above |
| Eulen / Eulen Admin | 2.0.2 and above | Not Applicable | 3.49 and above |
Note 1: BEMS 1.1 is needed for the installation of NK Plug-in 1.4.14
Note 2: P2P Winny detection is not supported by NK 3000T
About BSST
Broadweb Security Service Team (BSST) - Empower Your Network Security. Broadweb NetKeeper Intruder Prevention System delivers protection against intrusion, worms, DDoS, instant messaging, P2P, Web-Mail, and Web Post.