Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Soulseek – Peer to Peer

Attack ID: CPAI-2004-05
Publish Date:
Last Update:
Category: Peer to Peer
Vulnerable Systems: Computers running Soulseek Peer to Peer client
Source: F-Secure
Description: Soulseek is a popular Peer to Peer client, specializing in sharing music files.
Severity:
Details: Malicious worms can use Soulseek as a mean to propagate. The recently discovered W32.HLLW.Deadhat/Vesser worm, copies itself to the soulseek shared directory, and uses the soulseek network to infect other computers.
Attack Detection: Users of VPN-1 NG with Application Intelligence R55W and InterSpect who have applied the solution outlined below, will identify Soulseek client connection attempts. SmartView Tracker will generate the following logging entries:

Attack Name: Peer to Peer Protocol Enforcement Violation
Attack Information: Soulseek Protocol Detected on Connection
Solution:

Users of InterSpect should update their SmartDefense by clicking the Update Now button on the SmartDefense SmartDashboard General window.

Users of VPN-1 NG with Application Intelligence R55W should update their SmartDefense by clicking the Online Update button on the SmartDefense SmartDashboard General window.

To enable the protection (Users of InterSpect):

  1. Select Application Intelligence > Peer to Peer
  2. Mark Soulseek
  3. Activate Settings to enforce the policy.

To enable the protection (Users of R55 and R55W):

Users of other versions of FireWall-1/VPN-1 can block TCP port 2240 to block the Soulseek client. This, however, applies to the latest Soulseek client (Version 152). There are different reports on different ports Soulseek uses in various versions. InterSpect provides the most comprehensive solution as the restriction is of the Soulseek protocol and not of a specific port.

Industry Reference:
Additional Information: