[Snort-sigs] BIttorrent Signature updates
matt at ...2436...
Thu Jul 8 08:52:09 EDT 2004
Nigel Houghton wrote:
> Thanks for the link. I see the following two options which might cause
> some problems too:
> --minport <arg>
> minimum port to listen on, counts up if unavailable (defaults to
> --maxport <arg>
> maximum port to listen on (defaults to 6999)
> I hate this p2p stuff :)
Yes, that does make it difficult. I'm not a bittorrent expert. But I'd
assume to change the local ports used you'd have to be talking to a
server that is also the same, no? Any bittorrenters out there?
What would be interesting is a packet dump using a set of ports outside
the defined range. And also one going through a proxy server, as the
references in the protocol imply is possible with some work.
> Don't forget to include the references in your rules.
Yes, thanks for reminding me. :)
More information about the Snort-sigs