Friday, July 29, 2005

Identifying network applications by their access profiles

This may be a bit off-topic, but intersting neverthelss. Did you ever wonder how one can identify applications that are running on a box in your network? Of course, you an analyze each packet, but that takes time and resources. Scanning ports is not really helpful either, as one can easily reconfigure most products.
Yiming Gong has found a new way for identifying P2P apps just on their communication behaviour(what packets they send).
Read the full scoop here:
http://www.securityfocus.com/infocus/1843