alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7;)

Added 2016-11-01 18:45:10 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024: (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:7;)

Added 2016-11-01 18:39:19 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; threshold: type limit, count 1, seconds 120, track by_src; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:6;)

Added 2014-09-05 20:08:50 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; classtype:policy-violation; sid:2010140; rev:5;)

Added 2011-10-12 19:29:00 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; sid:2010140; rev:5;)

Added 2011-09-14 22:42:17 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; distance:8; within:3; content:"|00 00 00 00 00|"; distance:6; within:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:5;)

Added 2011-02-04 17:29:35 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:!"|00 22 02 00|"; depth: 4; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:3;)

Added 2010-10-01 17:16:20 UTC


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; reference:url,doc.emergingthreats.net/2010140; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_Vuze; sid:2010140; rev:2;)

Added 2009-11-02 20:30:41 UTC

VIACK video conferencing software can cause FP on this rule. http://en.wikipedia.org/wiki/VIACK Destination hostname is conf04.via3.com.

-- RichardUllrich - 04 Aug 2010


alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET any (msg:"ET P2P Vuze BT UDP Connection"; dsize:<80; content:"|00 00 04|"; offset:8; depth:3; content:"|00 00 00 00 00|"; distance:6; depth:5; classtype:policy-violation; reference:url,vuze.com; sid:2010140; rev:1;)

Added 2009-10-20 11:00:43 UTC


Topic revision: r3 - 2010-08-04 - MattJonkman
 