[Snort-sigs] FW: Trying to detect Morpheus and Streaming multi.

Chris Green cmg at ...435...
Thu Mar 21 11:47:07 EST 2002


"Madziarczyk, Jonathan" <than at ...460...> writes:

> Hi, I think this is the right place for this....
>  
> 1)     I'm trying to find a way of detecting P2P file sharing programs such
> as Kazaa and Morpheus.  I see the sig for Gnutella and it appears to be
> working.  Is there on for these other programs? (from what I can tell, Kazaa
> and Morpheus use tcp 1417 to make an initial conn).

Look at policy.rules. tcp/1214 HTTP GET area pretty good inidicator.   
>  
> 2)     I'm also trying to detect streaming multimedia coming into my network
> (I assume this is a multicast of some kind).  Is there any sigs out there
> that will check this for me?

Do you support Multicast coming onto your network?  I haven't heard of
many non-edu's that have MBONE style broadcasts

Do you know what kind of client they are using?

Real Player/MS Media Server/Quicktime servers are the ones I think of
and shoutcast.

>  
> Thanks in advance for you help!
>  
> JonM

-- 
Chris Green <cmg at ...435...>
Fame may be fleeting but obscurity is forever.





More information about the Snort-sigs mailing list