Soulseek Peer to Peer
|Category:||Peer to Peer|
|Vulnerable Systems:||Computers running Soulseek Peer to Peer client|
|Description:||Soulseek is a popular Peer to Peer client, specializing in sharing music files.|
|Details:||Malicious worms can use Soulseek as a mean to propagate. The recently discovered W32.HLLW.Deadhat/Vesser worm, copies itself to the soulseek shared directory, and uses the soulseek network to infect other computers.|
|Attack Detection:||Users of VPN-1 NG with Application Intelligence R55W and InterSpect who have applied the solution outlined below, will identify Soulseek client connection attempts. SmartView Tracker will generate the following logging entries:
Attack Name: Peer to Peer Protocol Enforcement Violation
Attack Information: Soulseek Protocol Detected on Connection
Users of InterSpect should update their SmartDefense by clicking the Update Now button on the SmartDefense SmartDashboard General window.
To enable the protection (Users of InterSpect):
To enable the protection (Users of R55 and R55W):
Users of other versions of FireWall-1/VPN-1 can block TCP port 2240 to block the Soulseek client. This, however, applies to the latest Soulseek client (Version 152). There are different reports on different ports Soulseek uses in various versions. InterSpect provides the most comprehensive solution as the restriction is of the Soulseek protocol and not of a specific port.