[Snort-users] p2p traffic detect (torrents)

Dmitry Korzhevin dmitry.korzhevin at ...15907...
Wed Oct 31 10:29:29 EDT 2012


Guys, can you please advise on the best way to detect torrents? For now I use
only one rule in my /etc/snort/snort.conf configuration file:

/etc/snort/rules/local.rules:

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; content:"GET"; content:"torrent"; sid:1100021; rev:1;)

But I don't think it is the best Snort can do to detect torrents. I
downloaded the latest snortrules-snapshot-2931.tar.gz file from the site
snort.org using my oinkcode, and I see the archive has some kind of p2p.rules
files.

How should I connect this p2p.rules to my Snort?



Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at ...15907...
m: +38 093 874 5453
w: http://www.stidia.com
