[Snort-users] P2P Rules and Sending TCP Resets.

Rob Ward rob.ward at ...11329...
Fri Feb 27 06:24:33 EST 2004

Hi, We're receiving a lot of complaints regarding copyright infringements 
from users within our Network using P2P software. Dealing with the 
complaints about P2P use is almost a full time job in itself at the moment.

We've succesfully managed to block some applications using Cisco NBAR but 
the more clued up students are configuring their P2P clients to use high 
port numbers which is giving us problems with Gnutella, Fasttrack and Bit 
Torrent in particular. We have managed to identify these users with Snort 
running on NetBSD. I've read about TCP resets in the archives but can't 
find any examples of how to implement this, can anyone help please?


Rob Ward
Network Northwest Support
University of Liverpool
Computing Services Department

Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326

More information about the Snort-users mailing list