Snort mailing list archives

snort multi packet inspection


From: "Gaurav_Jindal" <gaurav_jindal () da-iict org>
Date: Wed, 10 Mar 2004 17:42:12 +0530

Hi, 

  I am looking forward to learning how snort looks for multi-packet
inspection, and if it has an embedded timer to find out and apply threshold
conditions to look for DoS attacks?

thanks,
Gaurav


Hi

I am just wondering if anyone has been able to capture imesh P2P traffic
successfully using snort? I tried to come up with these two
signatures but
I think it's not good enough and my IDS still does not detect imesh. :-(

alert tcp any any -> any any (msg:"iMesh P2P GET request"; flow:to_server,established; content:"GET /profile/profile.php?"; sid:1000030; rev:1; classtype:misc-attack;)
alert tcp any any -> any any (msg:"iMesh Possible P2P imesh.com host"; flow:to_server,established; content:"imesh.com"; sid:1000031; rev:1; classtype:misc-attack;)

Any hints will be appreciated! 

Thanks,
Jasmine

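Worked example added here, not code from either poster or from Snort itself: a toy Python matcher that parses Jasmine's two rules (joined to one rule per line) and runs their content checks against a constructed iMesh-style request, once per TCP segment and once over the reassembled client stream, which is the multi-packet point Gaurav asks about. It assumes the simplified rule grammar in the comments; `flow` is parsed but not evaluated, and the request and its split point are constructed sample data.

```python
import re

# Jasmine's two rules, re-joined so each is a single Snort rule line.
RULES = [
    'alert tcp any any -> any any (msg:"iMesh P2P GET request"; '
    'flow:to_server,established; content:"GET /profile/profile.php?"; '
    'sid:1000030; rev:1; classtype:misc-attack;)',
    'alert tcp any any -> any any (msg:"iMesh Possible P2P imesh.com host"; '
    'flow:to_server,established; content:"imesh.com"; '
    'sid:1000031; rev:1; classtype:misc-attack;)',
]
# option ::= key:value;  value is a quoted string or bare text
OPT_RE = re.compile(r'(\w+):("(?:[^"\\]|\\.)*"|[^;]*);')

def parse_rule(rule):
    """Header words plus {option: [values]}. Toy parser: no escapes, no content
    modifiers (nocase, depth, ...); flow is recorded but not evaluated."""
    header, _, body = rule.partition("(")
    opts = {}
    for key, val in OPT_RE.findall(body.rstrip(")")):
        opts.setdefault(key, []).append(val[1:-1] if val.startswith('"') else val)
    return header.split(), opts

def matching_sids(payload):
    """sids of rules whose every content: string occurs in this payload."""
    return [int(opts["sid"][0]) for _, opts in map(parse_rule, RULES)
            if all(c.encode() in payload for c in opts.get("content", []))]

def per_segment(segments):
    """Inspect each TCP segment alone, as a detector without stream
    reassembly would: a content string split over two segments is missed."""
    hits = set()
    for seg in segments:
        hits.update(matching_sids(seg))
    return sorted(hits)

def reassembled(segments):
    """Inspect the client-to-server stream after reassembly, which is what
    flow:to_server,established relies on (stream4 in Snort 2.x)."""
    return sorted(matching_sids(b"".join(segments)))

# Constructed iMesh-style request (not captured traffic), split mid-URI.
REQUEST = b"GET /profile/profile.php?id=1 HTTP/1.1\r\nHost: imesh.com\r\n\r\n"
SEGMENTS = [REQUEST[:10], REQUEST[10:]]   # b"GET /profi" | b"le/profile.php?..."

if __name__ == "__main__":
    print("per segment:", per_segment(SEGMENTS))   # [1000031]
    print("reassembled:", reassembled(SEGMENTS))   # [1000030, 1000031]
```

The first rule only fires once the two segments are reassembled, which is why a per-packet check can miss a signature that a stream-aware inspection catches.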