2010140 < Main < EmergingThreats

EmergingThreats>

Main Web>2010140 (2010-08-04, MattJonkman)

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7;)

Added 2016-11-01 18:45:10 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7;)

Added 2016-11-01 18:39:19 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:6;)

Added 2014-09-05 20:08:50 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:5;)

Added 2011-10-12 19:29:00 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; sid:2010140; rev:5;)

Added 2011-09-14 22:42:17 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:5;)

Added 2011-02-04 17:29:35 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:3;)

Added 2010-10-01 17:16:20 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:3;)

Added 2010-10-01 17:16:20 UTC

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:2;)

Added 2009-11-02 20:30:41 UTC

VIACK video conferencing software can cause FP on this rule. http://en.wikipedia.org/wiki/VIACK Destination hostname is conf04.via3.com.

-- RichardUllrich - 04 Aug 2010

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P? Vuze BT UDP Connection"; dsize:<80; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; sid:2010140; rev:1;)

Added 2009-10-20 11:00:43 UTC

Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r3 - 2010-08-04 - MattJonkman

Main

Log In or Register

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats