EmergingThreats> Main Web>2001796 (2011-11-23, MrKrugger?) EditAttach

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; classtype:policy-violation; sid:2001796; rev:5;)

Added 2011-10-12 19:10:55 UTC

False positives triggered by Kaspersky on udp port 13000.

-- MrKrugger? - 23 Nov 2011


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; sid:2001796; rev:5;)

Added 2011-09-14 21:05:28 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Kazaa; sid:2001796; rev:5;)

Added 2011-02-04 17:21:36 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Kazaa; sid:2001796; rev:5;)

Added 2010-06-28 22:46:59 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Kazaa; sid:2001796; rev:5;)

Added 2010-06-28 22:46:59 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Kazaa; sid: 2001796; rev:5;)

Added 2009-02-10 20:53:06 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; reference:url,doc.emergingthreats.net/bin/view/Main/2001796; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Kazaa; sid: 2001796; rev:5;)

Added 2009-02-10 20:53:06 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; sid: 2001796; rev:4;)

Added 2008-01-29 10:56:39 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? Kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; sid: 2001796; rev:4;)

Added 2008-01-29 10:56:39 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg: "BLEEDING-EDGE P2P? kazaa over UDP"; content:"KaZaA"; nocase; threshold: type threshold, track by_src,count 10, seconds 60; classtype: policy-violation; reference:url,www.kazaa.com/us/index.htm; sid: 2001796; rev:3; )



Topic revision: r2 - 2011-11-23 - MrKrugger?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats