Security Basics mailing list archives
RE: P2P Services and IDS
From: "Ed Fisher" <edf () cablejiggler com>
Date: Tue, 25 Nov 2003 20:52:00 -0500
Jason Check out the SANS Top 20 at http://www.sans.org/top20, in particular item W9. The list is one of the best resources around, and W9 addresses your specific questions. And that is a living document, so if any of the other readers of this list have any suggestions or updates that you don't want to post to the list, please feel free to email them to me directly. Cheers, Ed Disclaimer: I am not a SANS employee, but have played one on TV. Well, not really, but I did do three of the sections in the 2003 Top 20, including W9. -----Original Message----- From: jburzenski () americanhm com [mailto:jburzenski () americanhm com] Sent: Tuesday, 25 November 2003 16:47 To: security-basics () securityfocus com Subject: P2P Services and IDS Does anyone have an updated list of well known p2p ports? I'm also looking for any Snort rules to detect p2p activity. Snort out of the box comes with some rules for Gnutella, Kazaa, Napster and BitTorrent but I want to be able to detect hosts running some of the more obscure p2p clients as well (bearshare, grokster, etc.). I have to imagine someone else has done this already but I can't find the information anywhere. Hopefully, someone on this list has some resources. Otherwise, I'll start reinventing the wheel on Monday... Thanks, Jason --------------------------------------------------------------------------- ---------------------------------------------------------------------------- *************************************************************** NOTICE OF CONFIDENTIALITY This E-mail message and its attachments (if any) are intended solely for the use of the addressee hereof. In addition, this message and the attachments (if any) may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. Delivery of this message to any person other than the intended recipient is not intended to waive any right or privilege. If you have received this message in error, please promptly notify the sender by reply E-mail and immediately delete this message from your system. **************************************************************************** ********************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- P2P Services and IDS jburzenski (Nov 25)
- <Possible follow-ups>
- RE: P2P Services and IDS Ed Fisher (Nov 26)
- RE: P2P Services and IDS Alvey Robert W KPWA (Nov 26)