
Re: Stormy P2P bot Sigs -- may be SKYPE ?: msg#00181

security.ids.snort.bleedingsnort

Subject: Re: Stormy P2P bot Sigs -- may be SKYPE ?



Matt Jonkman wrote:
> Ummm... that's a little scary.
>
> To be honest, when I was looking at those stormy variants the traffic
> didn't exactly conform to edonkey, but was close. It's VERY possible it
> may have been skype and I've written for the wrong protocol.
>
> Let me look into it and see what'll match. Anyone else seeing skype hits?
>

I've just followed up another machine that was getting lots of hits.
This machine belongs to a senior physics professor who I have known for
years. There is no Edonkey or other file sharing p2p software on the
box and since it is a Mac it is unlikely to be infected with peacomm ;)
and he was using SKYPE at the time of my alerts.

I suspect that the p2p rules are not widely used, and that those who do
monitor for p2p also ban SKYPE, which we don't.

What puzzles me is why this has just started happening -- or are these
rules new?


Russell.
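The thread's problem is a signature written for one P2P protocol (eDonkey) firing on another (Skype). The following is an added example, not code from either poster or from the bleedingsnort rules under discussion (which are not shown here). It contrasts a loose match that keys only on the eDonkey protocol byte with a structural check of eDonkey TCP framing: protocol byte (0xE3 eDonkey, 0xC5 eMule extended, 0xD4 packed eMule), then a little-endian uint32 giving the length of opcode plus payload, then the opcode. A one-byte match hits roughly 1 in 256 random-looking payloads, which is what encrypted Skype traffic looks like on the wire; requiring the declared length to agree with the bytes actually present eliminates those look-alikes. The sample payloads are constructed for the demo, and the assumption that the offending rule matched on a short byte pattern is mine.

```python
"""Loose byte-pattern match vs. structural eDonkey TCP framing check.

Added example for the Skype false-positive discussion; not code from the
thread. eDonkey TCP header: protocol byte, uint32 LE length (opcode+body),
opcode byte. All sample payloads below are constructed.
"""
import struct
from typing import Dict, Iterable, Optional

PROTO_NAMES = {0xE3: "edonkey", 0xC5: "emule-ext", 0xD4: "emule-packed"}
HEADER_LEN = 5  # protocol byte + 4-byte length field


def loose_match(payload: bytes) -> bool:
    """A signature that only looks at the leading protocol byte.

    Anything whose first byte happens to be 0xE3/0xC5/0xD4 (ciphertext,
    Skype, random UDP noise) matches, which is the false-positive pattern.
    """
    return len(payload) > 0 and payload[0] in PROTO_NAMES


def parse_edonkey_tcp(payload: bytes) -> Optional[dict]:
    """Return {proto, opcode, body} for a well-framed eDonkey TCP message.

    Returns None when the header is short, the protocol byte is unknown, or
    the declared length disagrees with the bytes actually present. That
    length consistency is what separates real eDonkey from look-alikes.
    """
    if len(payload) < HEADER_LEN + 1:
        return None
    proto = payload[0]
    if proto not in PROTO_NAMES:
        return None
    (declared,) = struct.unpack_from("<I", payload, 1)
    if declared < 1 or declared != len(payload) - HEADER_LEN:
        return None
    return {"proto": PROTO_NAMES[proto], "opcode": payload[5], "body": payload[6:]}


def build_edonkey_tcp(opcode: int, body: bytes, proto: int = 0xE3) -> bytes:
    """Frame an eDonkey TCP message (used here only to build test input)."""
    return bytes([proto]) + struct.pack("<I", 1 + len(body)) + bytes([opcode]) + body


def triage(payloads: Iterable[bytes]) -> Dict[str, int]:
    """Count how many payloads each check would flag."""
    counts = {"loose": 0, "strict": 0}
    for p in payloads:
        if loose_match(p):
            counts["loose"] += 1
        if parse_edonkey_tcp(p) is not None:
            counts["strict"] += 1
    return counts


# Constructed samples (not captured traffic):
# - a hello-style eDonkey message: opcode 0x01 with a hash-size byte and a
#   zeroed 16-byte hash as body (body layout simplified for the demo)
HELLO = build_edonkey_tcp(0x01, b"\x10" + bytes(16))
# - random-looking bytes that merely start with 0xE3, standing in for an
#   encrypted Skype datagram; the "length" field decodes to 0xC41B2A9F
LOOKALIKE = bytes.fromhex("e3 9f 2a 1b c4 08 77 d4")
# - unrelated traffic that neither check should flag
OTHER = b"\x00\x01\x02\x03"

if __name__ == "__main__":
    print("hello parsed as:", parse_edonkey_tcp(HELLO))
    print("lookalike loose:", loose_match(LOOKALIKE),
          "strict:", parse_edonkey_tcp(LOOKALIKE))
    print("triage:", triage([HELLO, LOOKALIKE, OTHER]))
```

Running it shows the look-alike payload passing the loose check and failing the strict one, which is the behaviour to aim for when tightening a rule: anchor on fields whose values must be internally consistent, not on a single marker byte.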

