P2P sharing?

Topics: User Forum
Sep 16, 2013 at 8:28 PM
I just tried it today, and it's a great tool!

However, when I ran it today, our network admin detected this as P2P activity. Does anyone have an idea how to shut that down so I can continue using Terminals?

Thanks!

CYBER SECURITY INCIDENT REPORT (CSIR)

SHORT DESCRIPTION

At 08:58 09/16/2013, a P2P file sharing activity was detected from source 10.1.68.111 (PC125) towards destination 10.1.68.13 (unknown host).

THREAT ASSESSMENT

MEDIUM – Detects a person-to-person file sharing activity via applications KaZaa, Napster, EDonkey, Gnutella, Bearshare etc.

TCP traffic from source 10.1.68.111 (PC125) towards destination 10.1.68.13 (unknown host) at port 8080 (HTTP-PROXY).

RECOMMENDED COURSE OF ACTION

Please identify the host and verify if activity is expected. Scan host for possible malware or worm infections.

TECHNICAL DETAILS

<153>Sep 16 18:58:02 HTTM-KP: "Sep 16, 2013 8:47:06 AM HST", "Sep 16, 2013 8:56:11 AM HST", "LOW", "System Rule: Network Activity: P2P File Sharing - Active", "This rule detects person-to-person file sharing activity via applications such as KaZaa, Napster, EDonkey, Gnutella, Bearshare etc.", "10.1.68.111", "9658", "10.1.68.13", "8080", "6", "<166>Sep 16 2013 08:50:16: %ASA-6-302013: Built outbound TCP connection 60665993 for DMZ2:10.1.68.13/8080 (10.1.68.13/8080) to inside:10.1.68.111/9658 (10.1.68.111/9658)"

SOURCE IP

10.1.68.111 (PC125)

DESTINATION IP

10.1.68.13 (unknown host) - DMZ2 Infrastructure

Coordinator
Sep 17, 2013 at 12:10 AM
I am not sure if I understand your report properly, but Terminals uses:
  • the HTTP port to check if there are any updates available.
  • the file sharing service is started manually, so it is not started by default and is not listed in your report.
Are you sure that this issue is caused by the Terminals.exe process?
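
For triaging an alert like the one quoted in the first post, the record under TECHNICAL DETAILS can be split into its fields and cross-checked against the firewall event embedded in it. This is an added example, not part of the thread or of Terminals; the column names are assumptions, since the report does not label its fields.

```python
import csv
import io
import re

# Record copied from the TECHNICAL DETAILS section of the report above.
RECORD = (
    '<153>Sep 16 18:58:02 HTTM-KP: "Sep 16, 2013 8:47:06 AM HST", '
    '"Sep 16, 2013 8:56:11 AM HST", "LOW", '
    '"System Rule: Network Activity: P2P File Sharing - Active", '
    '"This rule detects person-to-person file sharing activity via applications '
    'such as KaZaa, Napster, EDonkey, Gnutella, Bearshare etc.", '
    '"10.1.68.111", "9658", "10.1.68.13", "8080", "6", '
    '"<166>Sep 16 2013 08:50:16: %ASA-6-302013: Built outbound TCP connection '
    '60665993 for DMZ2:10.1.68.13/8080 (10.1.68.13/8080) to '
    'inside:10.1.68.111/9658 (10.1.68.111/9658)"'
)

# Column names are assumptions; the report does not label the fields.
FIELDS = ["first_seen", "last_seen", "severity", "rule", "description",
          "src_ip", "src_port", "dst_ip", "dst_port", "ip_proto", "raw_event"]

ASA_302013 = re.compile(
    r"%ASA-6-302013: Built (?P<direction>inbound|outbound) TCP connection "
    r"(?P<conn_id>\d+) for (?P<if_a>[^:\s]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) "
    r"\([^)]*\) to (?P<if_b>[^:\s]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+)")


def parse_alert(record):
    """Split the SIEM record into fields and decode the embedded ASA event."""
    _, _, body = record.partition(": ")   # drop "<pri>timestamp host: "
    row = next(csv.reader(io.StringIO(body), skipinitialspace=True))
    if len(row) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(row)}")
    alert = dict(zip(FIELDS, row))
    m = ASA_302013.search(alert["raw_event"])
    if m is None:
        raise ValueError("raw event is not an ASA-6-302013 message")
    fw = m.groupdict()
    # The alert and the firewall event should name the same two endpoints.
    siem = {(alert["src_ip"], alert["src_port"]), (alert["dst_ip"], alert["dst_port"])}
    asa = {(fw["ip_a"], fw["port_a"]), (fw["ip_b"], fw["port_b"])}
    alert["firewall"] = fw
    alert["endpoints_match"] = siem == asa
    return alert


if __name__ == "__main__":
    print(parse_alert(RECORD))
```

The `inside` endpoint it returns (10.1.68.111, port 9658) is the local socket to match against the owning process on PC125.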