[Snort-sigs] Common encrytpion Identification?

Tony Hernandez tonyh at ...1915...
Wed Oct 8 06:09:04 EDT 2003


Has anyone got any rules for detecting encryption types? I believe that I have some users that are encrypting p2p traffic and would like to poke into this a bit. It's pretty obvious by the ports they are connecting to however, the usual p2p rules dont work for this. I took a look at the packets and they all begin with ".....=..._....E." anyone have any ideas?


Tony




More information about the Snort-sigs mailing list