[Snort-sigs] Last addition for now

Matthew Jonkman matt at ...2436...
Tue Jun 29 19:46:11 EDT 2004


alert udp $EXTERNAL_NET any -> $HOME_NET any  (msg:"BLEEDING-EDGE Kaaza 
Media desktop p2pnetworking.exe Activity"; content:"|e30cb0|"; offset:0; 
depth:6; classtype:policy-violation;threshold: type limit, track by_dst, 
count 1 , seconds 600; 
reference:url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf; 
sid:2000340; rev:1;)

Last rule submitted by Chich Thierry. (That's such a cool name)

He is seeing activity left by p2pnetworking.exe which remains after a 
Kazaa uninstall.

Matt





More information about the Snort-sigs mailing list