Snort mailing list archives
RE: rule for MSN Messaging
From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 6 Nov 2002 16:09:39 -0800
Peter, Here is a rule that will log the data from MSN Instant Messenger. It only logs the actual data, not any control messages, such as login/logout. alert tcp any 1863 <> $HOME_NET any (msg:"MSN IM Chat data Logged";flags:PA; content:"|746578742F706C61696E|"; depth:100;) -Michael -- Michael Steele | System Engineer / Support Technician mailto:michaels () silicondefense com Silicon Defense: IDS solutions - http://www.silicondefense.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Param Sent: Wednesday, November 06, 2002 1:57 PM To: snort-users () lists sourceforge net Subject: [Snort-users] rule for MSN Messaging Hi all, Has anybody out there got a rule to alert/log on MSN messaging? cheers Peter ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincent's Hospital accepts no liability for any consequential damage resulting from email containing any computer viruses. ********************************************************************** ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rule for MSN Messaging Peter Param (Nov 06)
- RE: rule for MSN Messaging Michael Steele (Nov 06)
- <Possible follow-ups>
- RE: rule for MSN Messaging Peter Param (Nov 06)