Snort mailing list archives
signature needed for imesh p2p
From: Jasmine CHUA <Jasmine.Chua () internationalsos com>
Date: Wed, 10 Mar 2004 16:03:23 +0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

I am just wondering if anyone has been able to capture imesh P2P traffic successfully using snort?
I tried to come out with these two signatures but I think it's not good enough and my IDS still does not detect imesh. :-(

alert tcp any any -> any any (msg:"iMesh P2P GET request"; flow:to_server,established; content:"GET /profile/profile.php?";sid:1000030;rev:1;classtype:misc-attack;)

alert tcp any any -> any any (msg:"iMesh Possible P2P imesh.com host"; flow:to_server,established; content:"imesh.com";sid:1000031;rev:1;classtype:misc-attack;)

Any hints will be appreciated!

Thanks,
Jasmine

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBQE7Lyv4wcdIw6CVjEQKBtACeLtHPDJ0cJzlwvabizHorl20/+uUAoINN
pc1u2w7WcbuT29uafUYupkIw
=v4dB
-----END PGP SIGNATURE-----
Attachment: PGPexch.rtf.asc