Security Basics mailing list archives

RE: P2P Services and IDS


From: "Ed Fisher" <edf () cablejiggler com>
Date: Tue, 25 Nov 2003 20:52:00 -0500

Jason
Check out the SANS Top 20 at http://www.sans.org/top20, in particular item
W9.  The list is one of the best resources around, and W9 addresses your
specific questions.  And that is a living document, so if any of the other
readers of this list have any suggestions or updates that you don't want to
post to the list, please feel free to email them to me directly.
Cheers,
Ed

Disclaimer: I am not a SANS employee, but have played one on TV.  Well, not
really, but I did do three of the sections in the 2003 Top 20, including W9.



-----Original Message-----
From: jburzenski () americanhm com [mailto:jburzenski () americanhm com]
Sent: Tuesday, 25 November 2003 16:47
To: security-basics () securityfocus com
Subject: P2P Services and IDS

Does anyone have an updated list of well known p2p ports?  

I'm also looking for any Snort rules to detect p2p activity.  Snort out of
the box comes with some rules for Gnutella, Kazaa, Napster and BitTorrent
but I want to be able to detect hosts running some of the more obscure p2p
clients as well (BearShare, Grokster, etc.).  I have to imagine someone else
has done this already but I can't find the information anywhere.  Hopefully,
someone on this list has some resources.  Otherwise, I'll start reinventing
the wheel on Monday...

Thanks,

Jason
