[Snort-sigs] MSN Instant Messenger

Andy Beal abeal at ...31...
Fri Jan 19 13:33:00 EST 2001


Heres a rule to log the data from the popular MSN Instant Messenger.  It
only logs the actual data, not any control messages, such as
login/logout.
Good for logging conversations.

alert tcp any 1863 <> $HOME_NET any (msg:"MSN IM Chat data
Logged";flags:PA; content:"|746578742F706C61696E|"; depth:100;)


Andy R. Beal
Network Engineer
Matrix Integration, LLC





More information about the Snort-sigs mailing list