List:       snort-sigs
Subject:    Re: [Snort-sigs] new rules
From:       Joel Esler <jesler () sourcefire ! com>
Date:       2013-04-29 16:54:58
Message-ID: 1463F8E3-9D06-4097-B919-BFDD238B9602 () sourcefire ! com

On Apr 29, 2013, at 12:35 PM, Chukhaltsetseg Shijirbaatar <sh_chukha@yahoo.com> wrote:

> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "P2P mininova"; content: "GET"; content:"www.mininova.org"; reference: url, http://www.mininova.org; classtype: policy-violation; priority:1; sid:2000501; rev:1; )
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "P2P Bittorrent Metafile"; flow: to_server, established; content:"d8:announce"; reference: url, http://tracker.mininova.org/; classtype:policy-violation; priority:1; sid:2000502; rev:1; )
> Please help me. My diploma topic is "P2P traffic detection using Snort IDS".

We tend to not assist with homework. Take a look at http://manual.snort.org for how to use Snort and structure your rules.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
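
An added example, not part of the original thread and not Snort code: a simplified Python model of how the `flow` and `content` options of the two quoted rules evaluate, run against constructed payloads. The `Packet` and `Rule` classes, the sample names and `tracker.example.invalid` are assumptions made for illustration.

```python
# Simplified model of the two quoted rules: flow state plus case-sensitive
# "content" substrings only. Not Snort; ignores addresses, ports, reassembly.
from dataclasses import dataclass

@dataclass
class Packet:
    direction: str     # "to_server" or "to_client"
    established: bool  # TCP handshake completed
    payload: bytes

@dataclass
class Rule:
    sid: int
    contents: tuple    # every pattern must appear somewhere in the payload
    flow: tuple = ()   # empty: the rule has no flow option

    def matches(self, pkt):
        if "established" in self.flow and not pkt.established:
            return False
        if any(d in self.flow and d != pkt.direction
               for d in ("to_server", "to_client")):
            return False
        # No offset/depth/distance/within: any position, any order.
        return all(c in pkt.payload for c in self.contents)

RULES = [
    Rule(2000501, (b"GET", b"www.mininova.org")),
    Rule(2000502, (b"d8:announce",), ("to_server", "established")),
]

# Constructed sample traffic (not captured data); TORRENT is a tiny bencoded dict.
TORRENT = b"d8:announce32:http://tracker.example.invalid/a4:infod4:name1:xee"
SAMPLES = {
    "site_visit": Packet("to_server", True,
                         b"GET / HTTP/1.1\r\nHost: www.mininova.org\r\n\r\n"),
    "mail_mention": Packet("to_server", True,
                           b"Subject: GET the facts\r\n\r\nsee www.mininova.org"),
    "uppercase_host": Packet("to_server", True,
                             b"GET / HTTP/1.1\r\nHost: WWW.MININOVA.ORG\r\n\r\n"),
    "torrent_download": Packet("to_client", True, b"HTTP/1.1 200 OK\r\n\r\n" + TORRENT),
    "torrent_upload": Packet("to_server", True, b"POST /upload HTTP/1.1\r\n\r\n" + TORRENT),
}

def fired(name):  # sids of the rules that fire on a named sample
    return [r.sid for r in RULES if r.matches(SAMPLES[name])]

if __name__ == "__main__":
    print({name: fired(name) for name in SAMPLES})
```

In this model sid 2000501 fires on any payload holding both strings, including non-HTTP text, and misses the upper-case Host header because the rule has no `nocase`. Sid 2000502 fires only on client-to-server payloads because of `flow: to_server`, so a metafile arriving from the server does not match.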

