[Snort-users] p2p traffic detect (torrents)
jesler at ...1935...
Wed Oct 31 11:02:00 EDT 2012
On Oct 31, 2012, at 10:29 AM, Dmitry Korzhevin <dmitry.korzhevin at ...15909....> wrote:
> Guys, can you please advise the best way to detect torrents? For now I use only one rule in my /etc/snort/snort.conf configuration file:
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; content:"GET"; content:"torrent"; sid:1100021; rev:1;)
> But I don't think it is the best Snort can do to detect torrents. I downloaded the latest snortrules-snapshot-2931.tar.gz file from the snort.org site using my oinkcode, and I see the archive has some kind of p2p.rules files.
> How should I connect this p2p.rules to my Snort?
Take a look in the pua-p2p.rules category. You should see torrent rules in there.
Senior Research Engineer, VRT
OpenSource Community Manager
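
The question above asks how to hook the category file into Snort. As an added example (not part of the original thread, and not Snort project code), this script checks whether a snort.conf has an active `include` line for a rule category and counts enabled versus commented-out rules whose msg mentions a keyword. The function names are hypothetical, and the temp-dir files, rule bodies and sids are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. All sample file contents are constructed.

# True if CONF ($1) has an uncommented "include .../CATEGORY.rules" line ($2).
category_included() {
    grep -Eq '^[[:space:]]*include[[:space:]]+([^[:space:]]*/)?'"$2"'\.rules[[:space:]]*$' "$1"
}

# Count rules in FILE ($1) whose msg contains KEYWORD ($3); STATE ($2) is enabled|disabled.
count_rules() {
    case $2 in
        enabled)  prefix='^[[:space:]]*(alert|drop|log|pass)[[:space:]]' ;;
        disabled) prefix='^[[:space:]]*#[[:space:]]*(alert|drop|log|pass)[[:space:]]' ;;
        *) return 2 ;;
    esac
    grep -E "$prefix" "$1" | grep -Eic 'msg:[[:space:]]*"[^"]*'"$3" || true
}

# Build a constructed snort.conf and pua-p2p.rules in a temp dir; print the dir.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/snort.conf" <<'EOF'
var RULE_PATH /etc/snort/rules
# include $RULE_PATH/pua-p2p.rules
include $RULE_PATH/local.rules
EOF
    cat > "$dir/pua-p2p.rules" <<'EOF'
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED torrent sample A"; content:"placeholder-a"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED torrent sample B"; content:"placeholder-b"; sid:1000002; rev:1;)
# alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED torrent sample C"; content:"placeholder-c"; sid:1000003; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED other p2p sample"; content:"placeholder-d"; sid:1000004; rev:1;)
EOF
    echo "$dir"
}

# report CONF RULES_FILE CATEGORY KEYWORD: print include status and rule counts.
report() {
    if category_included "$1" "$3"; then echo "$3.rules: included"
    else echo "$3.rules: NOT included (add: include \$RULE_PATH/$3.rules)"; fi
    echo "enabled '$4' rules:  $(count_rules "$2" enabled "$4")"
    echo "disabled '$4' rules: $(count_rules "$2" disabled "$4")"
}

d=$(make_sample)
report "$d/snort.conf" "$d/pua-p2p.rules" pua-p2p torrent
rm -rf "$d"
```

Against a real install, point `report` at the actual snort.conf and the rules file unpacked from the snapshot; a rule line that starts with `#` is not loaded even when the category file is included.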