alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7; metadata:created_at 2010_07_30, updated_at 2016_11_01;)
Added 2017-08-07 21:03:14 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7;)
Added 2016-11-01 18:45:10 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7;)
Added 2016-11-01 18:39:19 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:6;)
Added 2014-09-05 20:08:50 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:5;)
Added 2011-10-12 19:29:00 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; sid:2010140; rev:5;)
Added 2011-09-14 22:42:17 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:5;)
Added 2011-02-04 17:29:35 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:3;)
Added 2010-10-01 17:16:20 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:3;)
Added 2010-10-01 17:16:20 UTC
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:2;)
Added 2009-11-02 20:30:41 UTC
VIACK video conferencing software can cause FP on this rule.
http://en.wikipedia.org/wiki/VIACK
Destination hostname is conf04.via3.com.
--
RichardUllrich - 04 Aug 2010
alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET
P2P? Vuze BT UDP Connection"; dsize:<80; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; sid:2010140; rev:1;)
Added 2009-10-20 11:00:43 UTC