[Snort-sigs] signature for SoulSeek P2P?

twebster at ...2725...
Thu Aug 12 13:44:04 EDT 2004




Ok, I have attached a pcap capture of my machine logging in and performing
a search.

I also tried the two alerts marcamone sent; the first one did trigger, but
I could not get the second to trigger.

Also, I saw an additional port being used, both 2240 and 2235.

Thanks for all the great responses; looks like a great mailing list to help
contribute to.

Tony

marcamone at ...1143... wrote on 08/12/2004 02:10:45 PM:

> See how these work:
> alert tcp $HOME_NET any -> 38.115.131.0/24 2240 (msg:"P2P Soulseek traffic"; classtype:policy-violation; sid:1000001; rev:1;)
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Soulseek"; content:"slsknet"; classtype:policy-violation; sid:1000002; rev:1;)
> -----Original Message-----
> From: snort-sigs-admin at lists.sourceforge.net [mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of twebster at ...2725...
> Sent: Thursday, August 12, 2004 1:38 PM
> To: snort-sigs at lists.sourceforge.net
> Subject: [Snort-sigs] signature for SoulSeek P2P?
>
> Does anyone have a snort signature to detect SoulSeek (www.slsknet.org) file sharing traffic?
> thanks
> tony