[Snort-users] p2p traffic detect (torrents)

Berk Gulenler gulenler at ...15881...
Wed Oct 31 11:03:49 EDT 2012


Hi,

I'm not a rule expert but you can try this.

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; 
content:"HTTP/"; content:"torrent"; flow:established,to_server; 
classtype:policy-violation; sid:1100021; rev:1;)


On 31/10/2012 16:29, Dmitry Korzhevin wrote:
> Guys, can you please advise the best way to detect torrents? For now I use
> only one rule in my /etc/snort/snort.conf configuration file:
>
> /etc/snort/rules/local.rules:
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent";
> content:"GET"; content:"torrent"; sid:1100021; rev:1;)
>
> But I don't think it is the best snort can do to detect torrents.. I
> downloaded the latest snortrules-snapshot-2931.tar.gz file from the site
> snort.org using my oinkcode; I see the archive has some kind of p2p.rules
> files..
>
> How should I connect this p2p.rules to my snort?
>
>
>
> Best Regards,
> Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
>
> e: dmitry.korzhevin at ...15907...
> m: +38 093 874 5453
> w: http://www.stidia.com
>
>
>

-- 
Berk Gulenler
System Administrator
Bogazici University Computer Center

Phone: +90 212 359 47 16
Fax:    +90 212 257 50 21
E-mail: gulenler at ...15881...
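
Added example, not part of either post and not Snort's own code: a Python sketch that emulates only the `content` tests of the two rules quoted in this thread against constructed payloads, to show which traffic each rule would and would not flag. It assumes Snort's default `content` behaviour (case-sensitive, patterns matched anywhere in the payload in any order) and ignores header, port and flow checks; all payloads, host names and the client name `ExampleTorrent` are constructed.

```python
# Added example: emulates only the payload `content` tests of the two rules
# in this thread. Header, port and flow checks are not modelled.

def content_match(payload: bytes, contents: list) -> bool:
    # Snort `content` with no modifiers is case-sensitive, and each pattern
    # may occur anywhere in the payload, in any order.
    return all(c in payload for c in contents)

RULES = {
    "question_rule": [b"GET", b"torrent"],    # rule from the original question
    "reply_rule":    [b"HTTP/", b"torrent"],  # rule suggested in the reply
}

# Constructed sample payloads (client-to-server direction).
SAMPLES = {
    # HTTP download of a .torrent file
    "torrent_file_get": b"GET /iso/distro.torrent HTTP/1.1\r\nHost: mirror.example\r\n\r\n",
    # Ordinary web page whose URL happens to contain the word
    "news_page_get": b"GET /blog/what-is-a-torrent HTTP/1.1\r\nHost: news.example\r\n\r\n",
    # Form submission: no "GET", keyword in the body
    "search_post": b"POST /search HTTP/1.1\r\nHost: www.example\r\n\r\nq=torrent",
    # HTTP tracker announce: only a capitalised "Torrent" in the User-Agent
    "tracker_announce": b"GET /announce?info_hash=%00&port=6881 HTTP/1.1\r\n"
                        b"User-Agent: ExampleTorrent/1.0\r\n\r\n",
    # BitTorrent peer-wire handshake: length byte 19, protocol string,
    # 8 reserved bytes, 20-byte info_hash, 20-byte peer_id (all zeroed here)
    "peer_handshake": b"\x13BitTorrent protocol" + bytes(8) + bytes(20)
                      + b"-XX0001-" + bytes(12),
}

def evaluate(rules=RULES, samples=SAMPLES) -> dict:
    """Return {rule name: sorted list of sample names the rule would flag}."""
    return {
        name: sorted(s for s, payload in samples.items()
                     if content_match(payload, contents))
        for name, contents in rules.items()
    }

if __name__ == "__main__":
    for rule, hits in evaluate().items():
        missed = sorted(set(SAMPLES) - set(hits))
        print(f"{rule}: flags {hits}; does not flag {missed}")
```
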



