Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: P2P GNUTella GET

From: Always Bishan <bishan4u () yahoo co uk>
Date: Tue, 11 Mar 2003 07:14:54 +0000 (GMT)
hi


I'm a little confused by Ken and Erek's responses. 
I thought that
this rule is triggered by Gnutella traffic FROM
Bishan's network TO an
external host.  In that case, the rule is to alert
him that one of his
users is attempting to run Gnutella.


Yes thats true. Some machine from my network is
accessing this website


 If I'm reading
that right, then
what would be the point of blinding the rule to 8080
traffic?  At that
point, he may as well just comment out the rule
altogether.


yes, but there is no rule in p2p.rules for 8080 port,
its only for 80 port no.

i think using pass rule will help, passing all the
traffic from my network to port 8080 on internet.

if i'm wrong or if any other technique is there,
please post me.

regards,
Bishan

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: