[Snort-users] streaming media detection
sethart at ...11827...
Thu Feb 3 12:37:29 EST 2005
I am also interested in detecting streaming audio into our network.
Its been eating up a ton of our bandwidth. I searched the bleeding
signatures and it doesnt look like there are any rules yet that look
for streaming http traffic. Has anyone played with this yet? Is
there any other way to flag this stuff besides by retroactivily
finding IP address subnets?
On Wed, 26 Jan 2005 05:27:12 -0800 (PST), Jose Maria Lopez
<jkerouac at ...12346...> wrote:
> El mié, 26 de 01 de 2005 a las 05:22, Paul Aviles escribió:
> > Is there a way to detect people streaming media or listening to music? With most of them using port 80 I am curious as to what approach to use.
> > Also, is there a way to send an email upon certain alerts?
> > Thanks
> You can look in the bleeding-edge rules to see if there are some
> rules to detect this kind of traffic. If you want just to stop
> this kind of traffic people use to do it using ACLs with Squid
> or blocking the IPs this programs connect to.
> About sending emails with certain alerts, I think OpenAanval
> can do that.
> Jose Maria Lopez Hernandez
> Director Tecnico de bgSEC
> jkerouac at ...12346...
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> The only people for me are the mad ones -- the ones who are mad to live,
> mad to talk, mad to be saved, desirous of everything at the same time,
> the ones who never yawn or say a commonplace thing, but burn, burn, burn
> like fabulous yellow Roman candles.
> -- Jack Kerouac, "On the Road"
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users