[Snort-users] Morpheous detection

Chris Green cmg at ...671...
Thu Feb 7 09:46:02 EST 2002


Bob Van Cleef <vancleef at ...211...> writes:

> Is there a signature that would alert me if someone was running
> Morpheus or an equivalent program on one of our systems?

% grep -i morpheus *.rules
policy.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 1214 \
(msg:"INFO Fastrack  (kazaa/morpheus) GET request";
 flags:A+; content:"GET "; depth:4;
reference:url,www.musiccity.com/technology.htm;
reference:url,www.kazaa.com;
classtype:protocol-command-decode; sid:1383; rev:1;)
-- 
Chris Green <cmg at ...671...>
Fame may be fleeting but obscurity is forever.




More information about the Snort-users mailing list