[Snort-sigs] imesh signature?

Jasmine CHUA Jasmine.Chua at ...2304...
Wed Mar 10 00:09:03 EST 2004



Hi

I am just wondering if anyone has been able to capture imesh P2P traffic
successfully using snort? I tried to come up with these two signatures but
I think they're not good enough and my IDS still does not detect imesh. :-(

alert tcp any any -> any any (msg:"iMesh P2P GET request"; flow:to_server,established; content:"GET /profile/profile.php?"; sid:1000030; rev:1; classtype:misc-attack;)
alert tcp any any -> any any (msg:"iMesh Possible P2P imesh.com host"; flow:to_server,established; content:"imesh.com"; sid:1000031; rev:1; classtype:misc-attack;)

Any hints will be appreciated! 

Thanks,
Jasmine

