Mailinglist Archive: opensuse (2629 mails)
| < Previous | Next > |
[SLE] Napster Usage
- From: BobFi@xxxxxxxxxx (BobF)
- Date: Sat, 06 May 2000 22:40:51 -0500
- Message-id: <0005062242320D.01636@desk1>
This was on INCIDENTS@xxxxxxxxxxxxxxxxx today:
If anyone wants a good way to detect napster usage (as well as lots of other
shenanigans) you might try using snort IDS.
http://myweb.clark.net/~roesch/
"A Lightweight Intrusion Detection System"
Jim Forster wrote some snort rules to report on Napster usage.
http://snort.rapidnet.com/
Here are the Napster Rules that show ports and content. You can adapt this
to your own IDS. It triggers for me whenever I go on napster (I only use
napster for research purposes ;^> )
alert tcp any any <> any 6699 (msg:"Napster Client Data"; flags:PA;
content:".mp3"; nocase;)
alert tcp any any <> any 8888 (msg:"Napster 8888 Data"; flags:PA;
content:".mp3"; nocase;)
alert tcp any any <> any 7777 (msg:"Napster 7777 Data"; flags:PA;
content:".mp3"; nocase;)
alert tcp any any <> any 6666 (msg:"Napster 6666 Data"; flags:PA;
content:".mp3"; nocase;)
alert tcp any any <> any 5555 (msg:"Napster 5555 Data"; flags:PA;
content:".mp3"; nocase;)
alert tcp any any <> any 4444 (msg:"Napster 4444 Data"; flags:PA;
content:".mp3"; nocase;)
alert tcp any any <> any 8875 (msg:"Napster Server Login"; flags:PA;
content:"anon@xxxxxxxxxxx";)
--
Bob F
EMail BobFi@xxxxxxxxxx
A Truly Wise Man Never Plays
Leapfrog With A Unicorn...
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
| < Previous | Next > |