Versions (4)
Version DetailsCurrent
Rev: 13 • Jul 30, 2010, 12:00 PMET P2P ed2k connection to server
alert tcp any any -> any 4660:4799 (msg:"ET P2P ed2k connection to server"; flow: to_server,established; content:"|e3|"; depth:1; content:"|00 00 00 01|"; distance:2; within:4; reference:url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf; classtype:policy-violation; sid:2000330; rev:13; metadata:created_at 2010_07_30, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jul 30, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 8, 2025, 10:34 PM
rules/emerging-p2p.rules