[Snort-sigs] snort-rules STABLE update @ Sat Jul 12 01:19:44 2003

bmc at ...95... bmc at ...95...
Sun Jul 13 12:07:05 EDT 2003

This rule update was brought to you by Oinkmaster.

[*] Rule modifications: [*]

  [+++]           Added:           [+++]

     file -> p2p.rules
     alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P BitTorrent announce request"; flow:to_server,established; content:"GET"; offset:0; depth:4; content:"/announce"; distance:1; content:"info_hash="; offset:4; content:"event=started"; offset:4; classtype:policy-violation; sid:2180; rev:1;)
     alert tcp $HOME_NET any -> $EXTERNAL_NET 6881:6889 (msg:"P2P BitTorrent transfer"; flow:to_server,established; content:"|13|BitTorrent protocol"; offset:0; depth:20; classtype:policy-violation; sid:2181; rev:1;)

More information about the Snort-sigs mailing list