0 Replies Latest reply on Jul 17, 2013 10:40 AM by gandepas

    Torrent Traffic

    gandepas

      Hi,

       

      For the following logs in SIEM:

       

      P2P BitTorrent MetaInfo Retrieving Policy Violation: PolicyViolation|restricted-application|Inbound|Suspicious|signature|p2p|udp|

      P2P BitTorrent File Transfer Policy Violation  PolicyViolation|restricted-application|Inbound|Suspicious|signature|p2p|udp|

      P2P BitTorrent Handshaking Policy Violation  : PolicyViolation|restricted-application|Inbound|Suspicious|signature|p2p

      P2P Torrent uTP BEP-29 Traffic Detected : PolicyViolation|restricted-application|Inbound|Maybe successful|signature|p2p|udp|

       

       

      I do see a lot of traffic for the above rule messages. The source IPs are using random higher-range port numbers. Their locations are random and the target IPs are our internal IPs. I am confused as to how to approach such logs. Is it safe to allow such traffic?

       

      Please let me know more about BitTorrent traffic in this scenario.

       

      Thanks in advance for the help.

       

      Thanks!