Snort mailing list archives
Re: p2p traffic detect (torrents)
From: Berk Gulenler <gulenler () boun edu tr>
Date: Wed, 31 Oct 2012 17:03:49 +0200
Hi, I'm not a rule expert but you can try this.

    alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; content:"HTTP/"; content:"torrent"; flow:established,to_server; classtype:policy-violation; sid:1100021; rev:1;)

On 31/10/2012 16:29, Dmitry Korzhevin wrote:
> Guys, can you please advise the best way to detect torrents? For now I use only one rule in my /etc/snort/snort.conf configuration file:
>
> /etc/snort/rules/local.rules:
>
>     alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; content:"GET"; content:"torrent"; sid:1100021; rev:1;)
>
> But I don't think it is the best Snort can do to detect torrents.. I downloaded the latest snortrules-snapshot-2931.tar.gz file from the site snort.org using my oinkcode, and I see the archive has some kind of p2p.rules files.. How do I connect this p2p.rules to my Snort?
>
> Best Regards, Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
> e: dmitry.korzhevin () stidia com
> m: +38 093 874 5453
> w: http://www.stidia.com
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
--
Berk Gulenler
System Administrator
Bogazici University Computer Center
Phone: +90 212 359 47 16
Fax: +90 212 257 50 21
E-mail: gulenler () boun edu tr
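To show what the two rules in this thread actually look at, here is an added example (my own code, not from the list, from Snort or from the p2p.rules set) that parses each rule's content: options and runs them over three constructed HTTP request payloads; the hostnames, paths and peer id are made up, and flow:, ports and addresses are deliberately not evaluated.

```python
import re

# Minimal parser for the single-line Snort rule syntax used in this thread.
# Assumption: only the rule header and the msg/content/flow/classtype/sid/rev
# options are modelled; no modifiers such as nocase, offset or pcre.
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')

def parse_rule(rule):
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("not a single-line Snort rule: %r" % rule)
    contents, options = [], {}
    for opt in m.group(7).split(';'):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(':')
        val = val.strip().strip('"')
        if key.strip() == 'content':
            contents.append(val)      # every content: string must hit for the rule to fire
        else:
            options[key.strip()] = val
    return {'action': m.group(1), 'proto': m.group(2), 'contents': contents, 'options': options}

def rule_matches(rule, payload):
    """Emulate Snort's default content matching: each content: string must
    appear (case-sensitively) somewhere in the payload.  flow:, ports and
    addresses are not evaluated, so this only shows what the payload checks see."""
    return all(c in payload for c in parse_rule(rule)['contents'])

# The two rules exactly as posted in the thread.
DMITRY_RULE = 'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; content:"GET"; content:"torrent"; sid:1100021; rev:1;)'
BERK_RULE = 'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "torrent"; content:"HTTP/"; content:"torrent"; flow:established,to_server; classtype:policy-violation; sid:1100021; rev:1;)'

# Constructed sample client payloads (hostnames, paths and peer id are made up).
SAMPLES = {
    # A client fetching a .torrent file over HTTP: both rules fire.
    'torrent_file_download': 'GET /files/distro.torrent HTTP/1.1\r\nHost: mirror.example.invalid\r\n\r\n',
    # A BitTorrent HTTP tracker announce: no "torrent" string, so neither rule fires.
    'tracker_announce': 'GET /announce?info_hash=%AB%CD%EF&peer_id=-XX0000-constructed HTTP/1.1\r\nHost: tracker.example.invalid\r\n\r\n',
    # An ordinary web page whose URL merely contains the word: both rules fire (false positive).
    'news_page_about_torrents': 'GET /news/torrent-lawsuit-ruling HTTP/1.1\r\nHost: news.example.invalid\r\n\r\n',
}

def coverage(rule):
    """Return {sample name: fired?} for one rule over all constructed samples."""
    return {name: rule_matches(rule, payload) for name, payload in SAMPLES.items()}

if __name__ == '__main__':
    for author, rule in (('Dmitry', DMITRY_RULE), ('Berk', BERK_RULE)):
        print(author, parse_rule(rule)['contents'], coverage(rule))
```

Both rules give the same payload verdicts on these samples: the extra flow: and HTTP/ checks in the second rule tighten the direction and protocol context but do not change which byte patterns are required, which is why neither catches the tracker announce and both fire on the news URL.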
Current thread:
- p2p traffic detect (torrents) Dmitry Korzhevin (Oct 31)
- Re: p2p traffic detect (torrents) Joel Esler (Oct 31)
- Re: p2p traffic detect (torrents) Berk Gulenler (Oct 31)
- Re: p2p traffic detect (torrents) Berk Gulenler (Oct 31)
- Re: p2p traffic detect (torrents) Peter Bates (Oct 31)