Snort mailing list archives

Re: file swapping detection

From: Chris Green <cmg () uab edu>
Date: Fri, 08 Feb 2002 12:15:32 -0600

"Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com> writes:

Does anyone have a list of rules they are willing to share that detect a
large list of file swapping software on the network (Morpheus, Gnutella
clients etc etc)?


Check out policy.rules.  WinMX and eDonkey are the popular ones that
still require signatures.  eDonkey is the udp 6257 and I think WinMX
is a tcp/410 but I'm not positive.
-- 
Chris Green <cmg () uab edu>
Let not the sands of time get in your lunch.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

file swapping detection Sheahan, Paul (PCLN-NW) (Feb 08)
- Re: file swapping detection Chris Green (Feb 08)