List: snort-users
Subject: Re: [Snort-users] Include details of payload in log message?
From: Toby Riddell <toby.riddell () prevtec ! com>
Date: 2016-06-12 17:07:18
Message-ID: CAG8X1ppQgmf=sSAX82O8pezVRSvFeE3w7SbM19rVe3n5ayzQuQ () mail ! gmail ! com
That's a good point! But for the time being I'd rather detect than prevent;
prevention will come later.
On Jun 12, 2016 12:20 PM, <wkitty42@windstream.net> wrote:
> On 06/12/2016 06:54 AM, Toby Riddell wrote:
> > Hi,
> >
> > I want to detect activity by BitTorrent clients on my home network. When they
> > start they open a port from the Internet using UPnP IGD, a sample payload is:
>
> from one old BOfH, if you disable that security hole known as UPnP, they can't
> do that and you won't have to worry about your network security being
> compromised by any UPnP program opening any ports it wants ;)
>
> --
> NOTE: No off-list assistance is given without prior approval.
> *Please keep mailing list traffic on the list* unless
> private contact is specifically requested and granted.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>