[Snort-sigs] new rules

Chukhaltsetseg Shijirbaatar sh_chukha at ...144...
Mon Apr 29 12:35:07 EDT 2013


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "P2P mininova"; content: "GET"; content:"www.mininova.org"; reference: url, http://www.mininova.org; classtype: policy-violation; priority:1; sid:2000501; rev:1; )

alert tcp $HOME_NET any ->$EXTERNAL_NET any (msg: "P2P Bittorrent Metafile"; flow: to_server, established; content:"d8:announce"; reference: url, http:///tracker.mininova.org/; classtype:policy-violation; priority:1; sid:2000502; rev:1; )

please help me. My diplom's topic is "P2P traffic detection using Snort IDS". 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130429/067cf2f7/attachment.html>


More information about the Snort-sigs mailing list