Feature #396

closed

Automatic P2P protocol detection

Added by Lambert Osas over 12 years ago. Updated almost 12 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Effort:
Difficulty:
Label:

Description

Hi,

I have been testing Suricata for some time now, and my original goal has been to use Suricata as a deep packet inspection to block P2P in my network. I was initially testing out OpenDPI from https://code.google.com/p/opendpi/, which is a high-performance open source DPI engine capable of detecting over P2P traffic and other protocols efficiently.

However, it was quite complicated to get it working, and it does not support Netfilter queue, unlike Suricata. So I was wondering if a similar P2P protocol detection can be integrated in Suricata.

Actions #1

Updated by Victor Julien almost 12 years ago

  • Status changed from New to Closed

The ET rule set allows for detecting a lot of P2P; check emerging-p2p.rules.

Other than that, code-based detection could be added. Feel free to open up feature requests for specific protocols.
