
List:       snort-users
Subject:    Re: [Snort-users] Include details of payload in log message?
From:       Toby Riddell <toby.riddell () prevtec ! com>
Date:       2016-06-12 17:07:18
Message-ID: CAG8X1ppQgmf=sSAX82O8pezVRSvFeE3w7SbM19rVe3n5ayzQuQ () mail ! gmail ! com

That's a good point! But for the time being I'd rather detect than prevent;
prevention will come later.
On Jun 12, 2016 12:20 PM, <wkitty42@windstream.net> wrote:

> On 06/12/2016 06:54 AM, Toby Riddell wrote:
> > Hi,
> >
> > I want to detect activity by bittorrent clients on my home network. When they
> > start they open a port from the Internet using UPnP IGD, a sample payload is:
>
> from one old BOfH, if you disable that security hole known as uPNP, they can't
> do that and you won't have to worry about your network security being
> compromised by any uPNP program opening any ports it wants ;)
>
> --
>   NOTE: No off-list assistance is given without prior approval.
>         *Please keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



