[Snort-sigs] BIttorrent Signature updates

Matthew Jonkman matt at ...2436...
Thu Jul 8 08:52:09 EDT 2004


Nigel Houghton wrote:
> 
> Thanks for the link. I see the following two options which might cause
> some problems too:
> 
>  --minport <arg>
> 		 minimum port to listen on, counts up if unavailable (defaults to
> 		 6881) 
>  --maxport <arg>
> 		 maximum port to listen on (defaults to 6999)
> 
> I hate this p2p stuff :)

Yes, that does make it difficult. I'm not a bittorrent expert. But I'd 
assume to change the local ports used you'd have to be talking to a 
server that is also the same, no? Any bittorrenters out there?

What would be interesting is a packet dump using a set of ports outside 
the defined range. And also one going through a proxy server, as the 
references in the protocol imply is possible with some work.

> 
> Don't forget to include the references in your rules.
>  
Yes, thanks for reminding me. :)

Matt





More information about the Snort-sigs mailing list