[Snort-sigs] Using snort to Identify P2P transfers.
hackerwacker at ...225...
Mon Sep 29 22:35:04 EDT 2003
On Mon, 2003-09-29 at 09:51, Tony Hernandez wrote:
I was wondering if anyone has snort on a router mirror port configured
Yes, I mirror the edge routers Eth port to my Snort box.
to identify p2p traffic ie - kazaa, gnutella, directconnect.. etc.
Just looking for some info on this, experiences, example sigs etc..
Snort comes with P2P rules, try turning them on.
More information about the Snort-sigs