Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Rules » P2P rules experiences

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

P2P rules experiences


Posted by smome on April 18, 2005 15:34:38

Has anyone had success witht the P2P rules ? I'm seeing hardly any P2P traffic on my University network when I should be. Can u suggest if the rules need modification. also, I believe Ares is popular now, but there is no rule for it, is anyone looking at this subject significantly ?

Posted by ecawen on April 19, 2005 18:30:59

should it can modify by port ? and sign ?

Posted by lubo on April 20, 2005 06:03:24

you can detect P2P best by volume.. nr. of connections/sec per station or bytes transfered..

ports differ although there are default ones..

here's a good place for statistical IDS.. or organic IDS :)
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.