[Snort-sigs] MP3 Rules

F.M. Taylor root at ...7...
Fri Oct 13 16:23:27 EDT 2000


Here is my current set of MP3 rules.  They seem to work well with minimal
false alerts, but I have only run limited tests.  This used to be much
more specific, but the sheer bulk of the various permutations proved to be
prohibitive.  When I dig up the Larger set (seem to have misplaced it), I
will post it.

alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 00|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 01|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 02|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 03|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 04|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 05|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 06|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 07|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 08|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 09|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 0A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 0B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 10|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 11|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 12|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 13|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 14|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 15|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 16|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 17|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 18|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 19|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 1A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 1B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 20|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 21|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 22|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 23|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 24|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 25|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 26|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 27|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 28|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 29|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 2A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 2B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 30|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 31|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 32|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 33|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 34|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 35|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 36|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 37|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 38|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 39|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 3A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 3B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 40|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 41|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 42|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 43|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 44|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 45|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 46|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 47|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 48|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 49|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 4A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 4B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 50|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 51|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 52|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 53|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 54|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 55|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 56|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 57|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 58|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 59|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 5A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 5B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 60|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 61|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 62|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 63|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 64|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 65|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 66|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 67|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 68|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 69|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 6A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 6B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 70|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 71|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 72|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 73|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 74|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 75|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 76|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 77|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 78|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 79|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 7A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 7B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 80|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 81|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 82|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 83|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 84|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 85|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 86|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 87|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 88|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 89|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 8A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 8B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 90|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 91|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 92|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 93|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 94|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 95|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 96|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 97|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 98|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 99|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 9A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA 9B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA A9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA AA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA AB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA B9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA BA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA BB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA C9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA CA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA CB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA D9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA DA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA DB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA E9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA EA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FA EB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 00|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 01|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 02|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 03|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 04|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 05|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 06|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 07|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 08|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 09|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 0A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 0B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 10|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 11|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 12|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 13|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 14|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 15|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 16|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 17|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 18|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 19|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 1A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 1B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 20|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 21|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 22|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 23|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 24|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 25|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 26|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 27|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 28|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 29|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 2A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 2B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 30|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 31|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 32|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 33|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 34|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 35|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 36|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 37|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 38|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 39|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 3A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 3B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 40|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 41|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 42|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 43|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 44|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 45|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 46|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 47|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 48|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 49|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 4A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 4B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 50|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 51|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 52|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 53|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 54|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 55|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 56|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 57|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 58|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 59|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 5A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 5B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 60|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 61|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 62|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 63|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 64|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 65|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 66|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 67|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 68|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 69|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 6A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 6B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 70|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 71|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 72|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 73|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 74|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 75|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 76|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 77|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 78|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 79|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 7A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 7B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 80|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 81|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 82|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 83|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 84|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 85|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 86|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 87|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 88|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 89|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 8A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 8B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 90|";depth: 3;)
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 91|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 92|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 93|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 94|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 95|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 96|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 97|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 98|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 99|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 9A|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB 9B|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB A9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB AA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB AB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB B9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB BA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB BB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB C9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB CA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB CB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB D9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB DA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB DB|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E0|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E1|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E2|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E3|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E4|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E5|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E6|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E7|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E8|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB E9|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB EA|";depth: 3; )
alert tcp any 1024: -> any 1024:   (msg: "MPEG Audio"; content:"|FF FB EB|";depth: 3; )

---
Mike Taylor
Coordinator of Systems Administration and Network Security
Indiana State University.               Rankin Hall Rm 039
210 N 7th St.                           Terre Haute, IN.
Voice: 812-237-8843                                  47809
---
"You have zero privacy anyway.  Get over it."
           --Scott McNealy, Sun MicroSystems. 




More information about the Snort-sigs mailing list