[Snort-users] Morpheous detection
cmg at ...671...
Thu Feb 7 09:46:02 EST 2002
Bob Van Cleef <vancleef at ...211...> writes:
> Is there a signature that would alert me if someone was running
> Morpheus or an equivalent program on one of our systems?
% grep -i morpheus *.rules
policy.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 1214 \
(msg:"INFO Fastrack (kazaa/morpheus) GET request";
flags:A+; content:"GET "; depth:4;
classtype:protocol-command-decode; sid:1383; rev:1;)
Chris Green <cmg at ...671...>
Fame may be fleeting but obscurity is forever.
More information about the Snort-users