[Snort-sigs] Using snort to Identify P2P transfers.

Tony Hernandez tonyh at ...1915...
Wed Oct 1 05:55:05 EDT 2003


I've got them turned on atm, was just looking for any experiences/input/comments on the whole thing. If anyone has any better rules etc. Guess not tho =)

> -----Original Message-----
> From: james [mailto:hackerwacker at ...225...]
> Sent: Tuesday, September 30, 2003 1:35 AM
> To: Tony Hernandez
> Cc: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] Using snort to Identify P2P transfers.
> 
> 
> On Mon, 2003-09-29 at 09:51, Tony Hernandez wrote:
>  I was wondering if anyone has snort on a router mirror port 
> configured
> 
> 
> Yes, I mirror the edge routers Eth port to my Snort box.
> 
> 
>  to identify p2p traffic ie - kazaa, gnutella, directconnect.. etc. 
> 
> Just looking for some info on this, experiences, example sigs etc..
> 
> 
> Snort comes with P2P rules, try turning them on.
> 
> 




More information about the Snort-sigs mailing list