p2pnet.net News:- In a Big Music-instigated bust, Spain’s Guardia Civil police in January “detained” alleged “hackers” accused of distributing “unauthorised” music and film files via different university networks in Spain and abroad.
Someone – possibly the record labels’ AFYVE (Asociación Fonográfica y Videográfica de España) – supposedly used Snort, an open source network intrusion detection system, to dig out addresses.
Operation SNORT, as it was appropriately named, started last summer “after complaints about hacker attacks and intrusions on computers” were apparently “received” from the University of Vigo.
“Following additional complaints filed by AFYVE … and EGEDA (Audiovisual Producers’ rights’ society) a judge granted search warrants for suspected addresses,” says a statement.
“Using software called Snort which tracks communications between computers it was possible to identify the IP addresses used by the hackers.”
In November and December last year, 11 searches were carried out in various locations throughout Spain, says the statement [NOTE: you'll need to be able to read Spanish], going on:
“The operation resulted in the arrest of fourteen people charged with alleged infringements against intellectual property, unauthorised use of computer systems and unlawful use of private information. These are all crimes under the Spanish Criminal Code.”
Guardia Civil police are now studying computer hard drives and documentation seized in the raids, adds the statement.
So what’s Snort?
If it’s the same app used in Spain, it’s “an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks,” says a site dedicated to the pig.
“It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
“Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba’s smbclient.
“Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump, a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.”
We wondered if it’s being similarly used in other Hollywood-slash-Big Music-instigated ‘investigations’ elsewhere.
“I didn’t know about the Spanish operation or any other governmental/industry use of the system to perform these kinds of functions, but it’s something that Snort is certainly capable of,” Snort’s Martin Roesch told p2pnet.
However, “beyond collecting flow statistics Snort can’t really see inside encrypted traffic sessions at all,” he says.
Otherwise, Snort doesn’t really have a specific mission in mind, Roesch goes on. “It’s meant to be a flexible traffic analysis tool that can be put to use for any network analysis task. The rules language is certainly flexible enough to be used to search for p2p traffic protocols and do logging of sessions for extended periods of time. Additionally, Snort supports extensible interfaces so that users can add their own protocol analysis modules or any other complex analysis code to the system.”