[Snort-sigs] Using snort to Identify P2P transfers.

james hackerwacker at ...225...
Mon Sep 29 22:35:04 EDT 2003


On Mon, 2003-09-29 at 09:51, Tony Hernandez wrote:
 I was wondering if anyone has snort on a router mirror port configured


Yes, I mirror the edge routers Eth port to my Snort box.


 to identify p2p traffic ie - kazaa, gnutella, directconnect.. etc. 

Just looking for some info on this, experiences, example sigs etc..


Snort comes with P2P rules, try turning them on.





More information about the Snort-sigs mailing list