[Snort-sigs] imesh signature?
tonyh at ...1915...
Fri Mar 12 07:31:13 EST 2004
I'm fairly certain that imesh is or atleast was using fasttrack or direct connect. So one of those rules should atleast catch it. From what I remember it was the same thing as Kazaa so it was easily monitored.
From: Jasmine CHUA [mailto:Jasmine.Chua at ...2304...]
Sent: Wednesday, March 10, 2004 2:51 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] imesh signature?
-----BEGIN PGP SIGNED MESSAGE-----
I am just wondering if anyone has been able to capture imesh P2P traffic
successfully using snort? I tried to come out with these two signatures but
I think it's not good enough and my IDS still does not detect imesh.:-(
alert tcp any any -> any any (msg:"iMesh P2P GET request";
alert tcp any any -> any any (msg:"iMesh Possible P2P imesh.com host";
Any hints will be appreciated!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
-----END PGP SIGNATURE-----
More information about the Snort-sigs