[Snort-sigs] Locutus sigs?

Bob Dehnhardt bob.dehnhardt at ...1141...
Mon Feb 10 11:07:06 EST 2003


Has anyone written any signatures for Locutus, the new .NET-based P2P app?
Looking at the FAQ at http://locut.us/ <http://locut.us/> , it looks to me
like the following should work:

alert tcp 195.8.71.92/32 any -> $HOME_NET 6901 (msg:"P2P LOCUTUS message
transfer"; classtype:policy-violation; reference:url,locut.us; sid:100048;
rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 6905 (msg:"P2P LOCUTUS file
transfer"; classtype:policy-violation; reference:url,locut.us; sid:100049;
rev:1;)

 - Bob

Bob Dehnhardt
IT Operations Manager - Reno
TriNet
(775) 327-6407





More information about the Snort-sigs mailing list