Snort mailing list archives
snort multi packet inspection
From: "Gaurav_Jindal" <gaurav_jindal () da-iict org>
Date: Wed, 10 Mar 2004 17:42:12 +0530
Hi,

I am looking forward to learning how snort looks for multi packet inspection, and if it has an embedded timer to find out and apply threshold conditions to look for DoS attacks?

thanks,
Gaurav

Hi,

I am just wondering if anyone has been able to capture imesh P2P traffic successfully using snort? I tried to come out with these two signatures but I think it's not good enough and my IDS still does not detect imesh. :-(

alert tcp any any -> any any (msg:"iMesh P2P GET request"; flow:to_server,established; content:"GET /profile/profile.php?";sid:1000030;rev:1;classtype:misc-attack;)

alert tcp any any -> any any (msg:"iMesh Possible P2P imesh.com host"; flow:to_server,established; content:"imesh.com";sid:1000031;rev:1;classtype:misc-attack;)

Any hints will be appreciated!

Thanks,
Jasmine