[Snort-users] block p2p traffic

Charles Lacroix chuck at ...11481...
Wed Apr 14 06:40:25 EDT 2004

Here this might help you
i played with it a bit but it's kinda mean when it comes to blocking


it's for blocking p2p traffic with iptables

On Wednesday 14 April 2004 04:02, khaled fawzy wrote:
> dear group ;
>     I use snort flex response to block p2p protocols it works fine with the
> old versions of kazaa and imesh . the rule that catch this traffic is :
>      alert tcp $EXTERNAL_NET any -> $HOME_NET 1214 (msg:"P2P Fastrack
> (kazaa/morpheus) GET request"; flow:to_server,established; content:"GET ";
> depth:4; reference: url,www.musiccity.com/technology.htm;
> reference:url,www.kazaa.com; resp: rst_all; classtype:policy-violation;
> sid:1383; rev:4;)
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Fastrack
> (kazaa/morpheus) traffic"; flow:to_server,established; content:"GET";
> depth:3; content:"UserAgent\: KazaaClient"; reference:url,www.kazaa.com;
> resp:rst_all; classtype:policy-violation; sid:1699; rev:4;)
> but this rule can not see the newer version of kazaa (2.6) and imesh (4.5).
> could anyone  has a modified rule to catch p2p trafic please. or any one
> konw any other open source software that i can use to block p2p. thanks in
> advace and goodbye.
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list