Snort mailing list archives
Rule to log Instant Messaging connections
From: Spy Guy <spyguy703 () yahoo com>
Date: Tue, 21 May 2002 16:58:47 -0700 (PDT)
I have a Snort IDS on my internal network. It's been running fine and everything works great. I am trying to create a custom rule to log certain events. I am trying to log connections to AOL, Yahoo, and MSN instant messaging services. The firewall is configured to not allow ALL traffic out. Thus, users are still connecting to these services via ports 21, 23, and 80 which ARE allowed OUT. Therefore, the included chat rules will not work.

How should I write a rule to detect IM services running on these ports? Should I create a generic rule that logs all port 21, 23, and 80 connections to:

216.136.226.0/24 for Yahoo
64.4.13.128/25 for MSN
etc...?

Or is there a better approach?
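The generic rule the post proposes, written out as an added example (not part of the original message and not a rule shipped with Snort): it logs outbound TCP connection attempts on ports 21, 23 and 80 to the two address ranges given in the post. The variable names, messages and sid values are made up for illustration, and the syntax assumes Snort 2.x with HOME_NET already defined.

```snort
# Added example for snort.conf or an included local rules file.
# Assumes Snort 2.x (ipvar/portvar and port lists) and that HOME_NET
# is already defined.

# Address ranges quoted in the post; the variable names are hypothetical.
ipvar YAHOO_IM_NET 216.136.226.0/24
ipvar MSN_IM_NET 64.4.13.128/25

# Ports the firewall lets out, per the post.
portvar IM_ALLOWED_OUT [21,23,80]

# flags:S matches only the initial SYN, so each connection attempt is
# logged once instead of once per packet. Local sids start at 1000000.
log tcp $HOME_NET any -> $YAHOO_IM_NET $IM_ALLOWED_OUT (msg:"POLICY outbound connection to Yahoo IM range on allowed port"; flags:S; classtype:policy-violation; sid:1000001; rev:1;)
log tcp $HOME_NET any -> $MSN_IM_NET $IM_ALLOWED_OUT (msg:"POLICY outbound connection to MSN IM range on allowed port"; flags:S; classtype:policy-violation; sid:1000002; rev:1;)
```

Matching on destination address alone also logs any ordinary FTP, Telnet or web traffic to those ranges, and it stops matching if the services move to other addresses.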