Snort mailing list archives
Re: file swapping detection
From: Chris Green <cmg () uab edu>
Date: Fri, 08 Feb 2002 12:15:32 -0600
"Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com> writes:
Does anyone have a list of rules they are willing to share that detect a large list of file swapping software on the network (Morpheus, Gnutella clients etc etc)?
Check out policy.rules. WinMX and eDonkey are the popular ones that still require signatures. eDonkey is the udp 6257 and I think WinMX is a tcp/410 but I'm not positive. -- Chris Green <cmg () uab edu> Let not the sands of time get in your lunch. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- file swapping detection Sheahan, Paul (PCLN-NW) (Feb 08)
- Re: file swapping detection Chris Green (Feb 08)