[Snort-sigs] FW: Trying to detect Morpheus and Streaming multi.
cmg at ...435...
Thu Mar 21 11:47:07 EST 2002
"Madziarczyk, Jonathan" <than at ...460...> writes:
> Hi, I think this is the right place for this....
> 1) I'm trying to find a way of detecting P2P file sharing programs such
> as Kazaa and Morpheus. I see the sig for Gnutella and it appears to be
> working. Is there one for these other programs? (from what I can tell, Kazaa
> and Morpheus use tcp 1417 to make an initial conn).
Look at policy.rules. tcp/1214 HTTP GETs are a pretty good indicator.
> 2) I'm also trying to detect streaming multimedia coming into my network
> (I assume this is a multicast of some kind). Are there any sigs out there
> that will check this for me?
Do you support Multicast coming onto your network? I haven't heard of
many non-edu's that have MBONE style broadcasts.
Do you know what kind of client they are using?
Real Player/MS Media Server/Quicktime servers are the ones I think of.
> Thanks in advance for your help!
Chris Green <cmg at ...435...>
Fame may be fleeting but obscurity is forever.