[Snort-sigs] new rules

Joel Esler jesler at ...435...
Mon Apr 29 12:54:58 EDT 2013


On Apr 29, 2013, at 12:35 PM, Chukhaltsetseg Shijirbaatar <sh_chukha at ...3725......> wrote:

> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "P2P mininova"; content: "GET"; content:"www.mininova.org"; reference: url, http://www.mininova.org; classtype: policy-violation; priority:1; sid:2000501; rev:1; )
> 
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "P2P Bittorrent Metafile"; flow: to_server, established; content:"d8:announce"; reference: url, http://tracker.mininova.org/; classtype:policy-violation; priority:1; sid:2000502; rev:1; )
> 
> Please help me. My diploma's topic is "P2P traffic detection using Snort IDS".

We tend to not assist with homework. Take a look at http://manual.snort.org for how to use Snort and structure your rules.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

