[Snort-sigs] FW: Trying to detect Morpheus and Streaming multi.

Chris Green cmg at ...435...
Thu Mar 21 11:47:07 EST 2002

"Madziarczyk, Jonathan" <than at ...460...> writes:

> Hi, I think this is the right place for this....
> 1)     I'm trying to find a way of detecting P2P file sharing programs such
> as Kazaa and Morpheus.  I see the sig for Gnutella and it appears to be
> working.  Is there on for these other programs? (from what I can tell, Kazaa
> and Morpheus use tcp 1417 to make an initial conn).

Look at policy.rules. tcp/1214 HTTP GET area pretty good inidicator.   
> 2)     I'm also trying to detect streaming multimedia coming into my network
> (I assume this is a multicast of some kind).  Is there any sigs out there
> that will check this for me?

Do you support Multicast coming onto your network?  I haven't heard of
many non-edu's that have MBONE style broadcasts

Do you know what kind of client they are using?

Real Player/MS Media Server/Quicktime servers are the ones I think of
and shoutcast.

> Thanks in advance for you help!
> JonM

Chris Green <cmg at ...435...>
Fame may be fleeting but obscurity is forever.

More information about the Snort-sigs mailing list