Soulseek Client Login

darin.marais
Level 4

I have an interesting observation. The signature Soulseek Client Login has triggered quite often when the victim’s address is a Nachi infected machine.

The signature is triggered when the attacker's port is 135 and the victim’s port is TCP port 2234 or 2240.

Has anyone else on the list seen this?

Perhaps someone could try explaining why the signature is triggered.

What is the regular expression looking for in the signature?

1 Reply

khiebert
Level 1

I've seen this activity, but not from src port 135. In my case the activity is from src port 80 to dst port 2234. Also, I can't find any corresponding entry in the Firewall log to correlate to the alarm. There is no Nachi activity in our network that I'm aware of.

I'd also like to know what signature string expression triggers this alarm. Is this a defective signature perhaps?