Snort mailing list archives

Sig for Windows messenger service direct access?

From: Gary Flynn <flynngn () jmu edu>
Date: Mon, 01 Dec 2003 10:53:10 -0500


Anyone have a signature to detect Messenger access attempts
to the high ports on which it listens? In other words,
detecting the Messenger connections rather than the port
map connections to 135.

I'm not looking for exploit detections, just Messenger
activity.

thanks,

--
Gary Flynn
Security Engineer - Technical Services
James Madison University




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Sig for Windows messenger service direct access? Gary Flynn (Dec 01)