Snort mailing list archives
Windows Update P2P sig
From: James Lay via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 31 Jul 2019 05:57:03 -0600
Eh....not sure if it's super useful...other than to see it and say "Hey I need to shut that crap off".

alert tcp any any -> any !$HTTP_PORTS (msg:"Windows Update P2P"; flow:established,to_server; content:"Swarm protocol"; within:20; classtype:not-suspicious; sid:20166299; rev:1; metadata:created_at 2019_07_31;)

Can't share the pcap, tcp port was 7680, not sure if other ports are used.

James