P2P: eDonkey Client Traffic Over Port 53
This signature detects peer-to-peer file sharing clients (eMule, eDonkey, etc.) using the eDonkey protocol over port 53. Because port 53 is normally reserved for DNS traffic, most network administrators keep port 53 open; some P2P servers use this open port to evade detection by the firewall.
Extended Description
This vulnerability enables eDonkey 2000 users to circumvent access control policies and trade files without restriction.
References
Short Name
P2P:EDONKEY:PORT-53
Severity
Minor
Recommended
False
Recommended Action
None
Category
P2P
Keywords
53 Client Over Port Traffic eDonkey
Release Date
03/24/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
Port
UDP/53
False Positive
Unknown